Exchange Server 2016 CU3 and later supports installation on Windows Server 2016 for the Mailbox server role. The Edge Transport server role is not supported. The installation process for Exchange on Windows Server 2016 is much the same as installing previous builds of Exchange 2016 on Windows Server:
- Install the Exchange 2016 pre-requisites (note that .NET Framework does not need to be separately installed)
- Run Exchange 2016 setup
After setup is complete the Windows Defender service on the server should be configured with antivirus exclusions for Exchange 2016. The guidance remains the same for now, but Windows Defender has PowerShell cmdlets available that make it easier to configure the exclusions when compared with third party antivirus products.
On a newly installed Windows 2016 server there’s no exclusions configured by default.
PS C:\> Get-MpPreference | Select Exclusion* ExclusionExtension : ExclusionPath : ExclusionProcess :
I’ve updated my Get-Exchange2016AVExclusions.ps1 script with an additional -ConfigureWindowsDefender switch that will add the exclusions to Windows Defender on the local server.
[PS] C:\Scripts\>.\Get-Exchange2016AVExclusions.ps1 -ConfigureWindowsDefender
Do you know if it’s ok to have an Exchange 2016 DAG with mixed OS versions?
Example: Have one DAG across sites, where you have 2 servers in one site with Windows Server 2016 Standard and have 2 servers on the other site with Windows Server 2016 Datacenter.
Why do you feel like you need to deploy different server OS versions in the first place?
Because we’re planning on having physical servers on the primary site (and therefore, no need to buy Windows server Datacenter version)
But on the other site the Exchange servers will live on a virtual environment where Windows Server Datacenter already exists.
Note: It will be an Active/Passive DAG.
Thank you Paul.
Any tips on Exchange 2016 hardening for Windows Server 2016? not sure if this article- http://www.admin-enclave.com/en/articles/exchange/347-hardening-microsoft-exchange-2016-server.html is applicable for OS2016. thanks
I’m a Junior college teacher looking for teaching material you could point me too for teaching exchange 2016 to my students, they already take a full class on windows 2016.
Are there any benefits to running Exchange 2016 on Server 2016 as opposed to Server 2012 R2?
Yes, the same question from me. We are testing Exchange 2016 CU4 on Window Server 2016. The combination of Server 2012R2/ Exchange 2016 has been OK until now. How about Exchange 2016 CU4 on Server 2012R2 ? Is it OK?
This is a great script! Is there a way to get the output into CSV instead of TXT so I can then use the CSV to create the exclusions in Windows Defender via PS?
I do a lot with PS but I’m still a bit of a novice. I tried to modify the script to Export-Csv but the CSV data was not what I expected.
Or maybe there is a way to use the TXT files that I am not aware of.
Oop, I see your script does enable the exclusions. I was not seeing the exclusions:
Get-MpPreference | FL Exclusion*
I got these errors when running the script:
Add-MpPreference : Operation failed with the following error: 0x%1!x!
I am thinking it is because the client disabled realtime scanning:
Get-MpPreference | FL DisableRealtimeMonitoring
DisableRealtimeMonitoring : True
At this point I have not yet been able to confirm it is the disabled Realtime Scanning that is causing the script errors when trying to add the exclusions.
Maybe someone does know?
I installed EX 2016 with 2 Mailbox srv and 1 Edge transport srv, with WS 2012R2
My system run for 1 month, we use MS outlook IMAP with port 143 and 25.
This week, we can’t use port 25, Outlook asked for password. I changed to 465 ssl that ok. Today, I restart 2 MB Srv then user port 25 it works about 3 hours and I can use port 25 in Outlook.
Antivirus software was disable, telnet to 25 still work.
Help me, please!
Thank you very much!
Your IMAP clients should be using port 587 for SMTP. There’s a connector set up by default in Exchange 2016 on that port and for that purpose.
I tested, same problem with 587.
What problem? Being asked for a password? That’s normal. They need to authenticate.
Use OWA stil normal.
Logon method domain\user
Event log has a lot of warning “Inbound authentication failed with error LogonDenied for Receive connector Default Frontend EX-MB-01. The authentication mechanism is Login. The source IP address of the client who tried to authenticate to Microsoft Exchange is [220.127.116.11].”
Do you think, problem with frontend?
The default frontend connector is the one listening on port 25. They should be using port 587 in their IMAP client configuration instead.
Build number 15.01.0225.037
That exact build number is not listed here as far as I can tell:
Assuming there’s a typo and what you’re actually trying to install is 15.01.0225.042, you’ll see on that page that build number is Exchange 2016 RTM. That version of Exchange is not supported to run on Windows Server 2016. You must use at least CU3. CU3 has some bugs though, so you should look at installing CU4 which was released this week.
I have the same problem as jason
Exchange build is the latest from eopen
I don’t know what the latest from eopen is, so you’ll have to tell me.
I am installing Exchange 2016 on a Windows 2016 Server STD with GUI and I get this error trying to install Exchange 2016 – I get error on pre-reqs below:
What is the ServerGuiMgmtInfra Feature now called in Windows 2016 Server? I cannot find it and I am using Desktop experience Win 2016 STD edition.
Which build of Exchange 2016 are you trying to install?
Something worth mentioning;
When I tried to install Exchange 2013 CU3 (full install) it keep gave me the ” A reboot from a previous installation is pending ” error.
I am familiar with the UpdateExeVolatile registry key and the PendingFileRenameOperations registry key in the HKEY Local Machine System CurrentControlSet Control Session Manager.
But there was nothing present there not even the empty keys. So upon further research I stumbled upon PendMoves and MoveFile (Windows Sysinternals from Mark Russinovich).
PendMoves told me I had files Pending FIle Rename Operations in the
C:Windowssystem32spoolV4Dirs with all kinds of dirs with GUIDS in it.
But this was a fresh install of Windows Server 2016 with only AD/DNS installed on it.
Still I couldn’t find those in the PendingFileRenameOperations so then I checked the whole registry on that key and I found it.
HKEY Local Machine System ControlSet001 Control Session Manager was the location.
So instead of CurrentControlSet it was ControlSet001 in Windows Server 2016.
Maybe you can add this to the article? I don’t know if this differs from the previous Windows Servers Edition because I do not have much Experience with the final version of Windows Server 2016.
And I did not want to install Exchange 2016 on a Technical Preview which I already been testing for almost a year right now. Besides it took some time to for CU3 to show up.
I thought sharing this would be good to help others and I was racking my brain for a few days.
O and I restarted like ten times so that was not the problem
I disable defender on 2016 servers. seems very intensive. Any downsides to this?
The downside is no malware protection.
What about doing an in-place upgrade of Exchange 2016 running on Server 2012 R2 to Server 2016? It didn’t work for me. Exchange services wouldn’t start.
Upgrading the underlying operating system for an Exchange server is not supported for any version of Exchange.
So what/where are the migration steps to move Exchange 2016 from Windows Server 2012 to Windows Server 2016?
– Deploy new Windows 2016 server
– Install second instance of Exchange 2016 (any potential interference with existing Exchange 2016 installation?)
– Apply same settings as existing Exchange server
– Move mailboxes to new Exchange server (how?)
– Change firewall to map inbound ports to new Exchange server
– Shutdown old Exchange server
– Move licensing from old Exchange server to new Exchange server?
Here you go:
Thanks. Read through the like-for-like, and the autodiscovery/certificate article it referenced. The one part I don’t feel like I understand well enough before “diving in” is the bit about setting the SCP back to the original value immediately after the 2nd Exchange installation.
When I issue “Get-ClientAccessService | fl” there are something like 25 lines returned. Is the gist of setting the SCP back to the “original value” just a matter of setting the AutoDiscoverServiceInternalUri back to what it was?
AutoDiscoverServiceInternalUri is the only thing you need to touch.
“….you need to be aware of the Autodiscover SCP that the new server will be registering in Active Directory, and be prepared to change that immediately to match the Autodiscover URL for the existing server”
Ah, very good. Thanks for the clarification! (And for the site and content. It is appreciated.)
PS1 dont working for me.
Dont run in my windows 2016 powershell
Error the signature
I disabled WIndows Defender on Windows 2016…
thanks sir,really awesome
thanks sir,really awesome
Now Exchange 2016 is compatibility on Windows Server 2016, because that from back months this not supported. Thanks