• Home
  • Topics
    • Office 365
    • Teams
    • SharePoint Online
    • Exchange 2019
    • Exchange 2016
    • Exchange 2013
    • Hybrid
    • Certificates
    • PowerShell
    • Migration
    • Security
    • Azure
  • Blog
  • Podcast
  • Webinars
  • Books
  • About
  • Videos
    • Interview Videos
    • How To Guide Videos
  • Subscribe
    • Facebook
    • Twitter
    • RSS
    • YouTube

Practical 365

You are here: Home / Exchange Server / Installing Exchange Server 2016 on Windows Server 2016

Installing Exchange Server 2016 on Windows Server 2016

September 28, 2016 by Paul Cunningham 38 Comments

Exchange Server 2016 CU3 and later supports installation on Windows Server 2016 for the Mailbox server role. The Edge Transport server role is not supported. The installation process for Exchange on Windows Server 2016 is much the same as installing previous builds of Exchange 2016 on Windows Server:

  1. Install the Exchange 2016 pre-requisites (note that .NET Framework does not need to be separately installed)
  2. Run Exchange 2016 setup

After setup is complete the Windows Defender service on the server should be configured with antivirus exclusions for Exchange 2016. The guidance remains the same for now, but Windows Defender has PowerShell cmdlets available that make it easier to configure the exclusions when compared with third party antivirus products.

On a newly installed Windows 2016 server there’s no exclusions configured by default.

1
2
3
4
5
PS C:\> Get-MpPreference | Select Exclusion*
 
ExclusionExtension :
ExclusionPath      :
ExclusionProcess   :


I’ve updated my Get-Exchange2016AVExclusions.ps1 script with an additional -ConfigureWindowsDefender switch that will add the exclusions to Windows Defender on the local server.

1
[PS] C:\Scripts\>.\Get-Exchange2016AVExclusions.ps1 -ConfigureWindowsDefender

Exchange Server Antivirus, Exchange 2016, PowerShell, Scripts, Windows Defender, Windows Server 2016

Comments

  1. Adrian says

    June 7, 2018 at 1:58 pm

    Hi Paul.

    Do you know if it’s ok to have an Exchange 2016 DAG with mixed OS versions?
    Example: Have one DAG across sites, where you have 2 servers in one site with Windows Server 2016 Standard and have 2 servers on the other site with Windows Server 2016 Datacenter.

    Thank you.

    Reply
    • Paul Cunningham says

      June 7, 2018 at 2:19 pm

      Why do you feel like you need to deploy different server OS versions in the first place?

      Reply
      • Adrian says

        June 7, 2018 at 2:50 pm

        Hi Paul.

        Because we’re planning on having physical servers on the primary site (and therefore, no need to buy Windows server Datacenter version)
        But on the other site the Exchange servers will live on a virtual environment where Windows Server Datacenter already exists.
        Note: It will be an Active/Passive DAG.

        Thank you Paul.

        Reply
  2. Raj says

    October 13, 2017 at 1:42 am

    Hi Paul,

    Any tips on Exchange 2016 hardening for Windows Server 2016? not sure if this article- http://www.admin-enclave.com/en/articles/exchange/347-hardening-microsoft-exchange-2016-server.html is applicable for OS2016. thanks

    Reply
  3. Marc says

    July 15, 2017 at 2:13 am

    I’m a Junior college teacher looking for teaching material you could point me too for teaching exchange 2016 to my students, they already take a full class on windows 2016.

    Reply
  4. Tyler Do says

    June 10, 2017 at 5:41 am

    Are there any benefits to running Exchange 2016 on Server 2016 as opposed to Server 2012 R2?

    Reply
    • Space_Pirate says

      August 5, 2017 at 12:10 pm

      Yes, the same question from me. We are testing Exchange 2016 CU4 on Window Server 2016. The combination of Server 2012R2/ Exchange 2016 has been OK until now. How about Exchange 2016 CU4 on Server 2012R2 ? Is it OK?

      Reply
  5. Mark Levendowski says

    April 21, 2017 at 11:35 pm

    This is a great script! Is there a way to get the output into CSV instead of TXT so I can then use the CSV to create the exclusions in Windows Defender via PS?
    I do a lot with PS but I’m still a bit of a novice. I tried to modify the script to Export-Csv but the CSV data was not what I expected.
    Or maybe there is a way to use the TXT files that I am not aware of.
    Thanks,
    Mark

    Reply
    • Mark Levendowski says

      April 22, 2017 at 12:57 am

      Oop, I see your script does enable the exclusions. I was not seeing the exclusions:
      Get-MpPreference | FL Exclusion*
      ExclusionExtension :
      ExclusionPath :
      ExclusionProcess :
      I got these errors when running the script:
      Add-MpPreference : Operation failed with the following error: 0x%1!x!
      I am thinking it is because the client disabled realtime scanning:
      Get-MpPreference | FL DisableRealtimeMonitoring
      DisableRealtimeMonitoring : True
      At this point I have not yet been able to confirm it is the disabled Realtime Scanning that is causing the script errors when trying to add the exclusions.
      Maybe someone does know?

      Reply
  6. Tung Nguyen says

    March 23, 2017 at 7:18 pm

    Hi Paul,
    I installed EX 2016 with 2 Mailbox srv and 1 Edge transport srv, with WS 2012R2
    My system run for 1 month, we use MS outlook IMAP with port 143 and 25.
    This week, we can’t use port 25, Outlook asked for password. I changed to 465 ssl that ok. Today, I restart 2 MB Srv then user port 25 it works about 3 hours and I can use port 25 in Outlook.
    Antivirus software was disable, telnet to 25 still work.
    Help me, please!
    Thank you very much!

    Reply
    • Paul Cunningham says

      March 24, 2017 at 9:37 am

      Your IMAP clients should be using port 587 for SMTP. There’s a connector set up by default in Exchange 2016 on that port and for that purpose.

      Reply
      • Tung Nguyen says

        March 24, 2017 at 1:00 pm

        Tks Paul!
        I tested, same problem with 587.

        Reply
        • Paul Cunningham says

          March 24, 2017 at 2:28 pm

          What problem? Being asked for a password? That’s normal. They need to authenticate.

          Reply
          • Tung Nguyen says

            March 24, 2017 at 3:45 pm

            Use OWA stil normal.
            Logon method domain\user
            Event log has a lot of warning “Inbound authentication failed with error LogonDenied for Receive connector Default Frontend EX-MB-01. The authentication mechanism is Login. The source IP address of the client who tried to authenticate to Microsoft Exchange is [190.248.131.102].”
            Do you think, problem with frontend?

        • Paul Cunningham says

          March 24, 2017 at 10:01 pm

          The default frontend connector is the one listening on port 25. They should be using port 587 in their IMAP client configuration instead.

          Reply
  7. Walter says

    December 15, 2016 at 5:14 am

    Hello Paul

    Build number 15.01.0225.037

    Reply
    • Paul Cunningham says

      December 15, 2016 at 8:50 am

      That exact build number is not listed here as far as I can tell:

      https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

      Assuming there’s a typo and what you’re actually trying to install is 15.01.0225.042, you’ll see on that page that build number is Exchange 2016 RTM. That version of Exchange is not supported to run on Windows Server 2016. You must use at least CU3. CU3 has some bugs though, so you should look at installing CU4 which was released this week.

      Reply
  8. Walter Gabauer says

    December 13, 2016 at 7:10 am

    Hello Paul,
    I have the same problem as jason
    Exchange build is the latest from eopen

    Reply
    • Paul Cunningham says

      December 13, 2016 at 8:28 am

      I don’t know what the latest from eopen is, so you’ll have to tell me.

      Reply
  9. Jason Rainsforth says

    December 7, 2016 at 6:30 am

    Hi,

    I am installing Exchange 2016 on a Windows 2016 Server STD with GUI and I get this error trying to install Exchange 2016 – I get error on pre-reqs below:

    http://technet.microsoft.com/library(EXCHG.160)/ms.exch.setupreadiness.ServerGuiMgmtInfraNotInstalled.aspx

    What is the ServerGuiMgmtInfra Feature now called in Windows 2016 Server? I cannot find it and I am using Desktop experience Win 2016 STD edition.

    Tks

    Reply
    • Paul Cunningham says

      December 7, 2016 at 10:40 am

      Which build of Exchange 2016 are you trying to install?

      Reply
  10. Roël Ramjiawan says

    November 13, 2016 at 4:24 am

    Dear Paul,

    Something worth mentioning;

    When I tried to install Exchange 2013 CU3 (full install) it keep gave me the ” A reboot from a previous installation is pending ” error.

    I am familiar with the UpdateExeVolatile registry key and the PendingFileRenameOperations registry key in the HKEY Local Machine System CurrentControlSet Control Session Manager.

    But there was nothing present there not even the empty keys. So upon further research I stumbled upon PendMoves and MoveFile (Windows Sysinternals from Mark Russinovich).
    PendMoves told me I had files Pending FIle Rename Operations in the
    C:Windowssystem32spoolV4Dirs with all kinds of dirs with GUIDS in it.

    But this was a fresh install of Windows Server 2016 with only AD/DNS installed on it.

    Still I couldn’t find those in the PendingFileRenameOperations so then I checked the whole registry on that key and I found it.

    HKEY Local Machine System ControlSet001 Control Session Manager was the location.

    So instead of CurrentControlSet it was ControlSet001 in Windows Server 2016.

    Maybe you can add this to the article? I don’t know if this differs from the previous Windows Servers Edition because I do not have much Experience with the final version of Windows Server 2016.

    And I did not want to install Exchange 2016 on a Technical Preview which I already been testing for almost a year right now. Besides it took some time to for CU3 to show up.

    I thought sharing this would be good to help others and I was racking my brain for a few days.

    Reply
    • Roël Ramjiawan says

      November 13, 2016 at 4:46 am

      O and I restarted like ten times so that was not the problem

      Reply
  11. Hayden Kirk says

    October 30, 2016 at 2:11 pm

    I disable defender on 2016 servers. seems very intensive. Any downsides to this?

    Reply
    • Paul Cunningham says

      October 30, 2016 at 9:26 pm

      The downside is no malware protection.

      Reply
  12. Fred says

    October 30, 2016 at 6:38 am

    What about doing an in-place upgrade of Exchange 2016 running on Server 2012 R2 to Server 2016? It didn’t work for me. Exchange services wouldn’t start.

    Reply
    • Paul Cunningham says

      October 30, 2016 at 1:33 pm

      Upgrading the underlying operating system for an Exchange server is not supported for any version of Exchange.

      Reply
      • ndfan77 says

        November 3, 2016 at 12:26 pm

        So what/where are the migration steps to move Exchange 2016 from Windows Server 2012 to Windows Server 2016?

        Something like(?):
        – Deploy new Windows 2016 server
        – Install second instance of Exchange 2016 (any potential interference with existing Exchange 2016 installation?)
        – Apply same settings as existing Exchange server
        – Move mailboxes to new Exchange server (how?)
        – Change firewall to map inbound ports to new Exchange server
        – Shutdown old Exchange server
        – Move licensing from old Exchange server to new Exchange server?

        Reply
        • Paul Cunningham says

          November 3, 2016 at 3:49 pm

          Here you go:

          https://www.practical365.com/performing-like-like-exchange-server-migration/

          Reply
          • ndfan77 says

            November 8, 2016 at 11:22 am

            Thanks. Read through the like-for-like, and the autodiscovery/certificate article it referenced. The one part I don’t feel like I understand well enough before “diving in” is the bit about setting the SCP back to the original value immediately after the 2nd Exchange installation.

            When I issue “Get-ClientAccessService | fl” there are something like 25 lines returned. Is the gist of setting the SCP back to the “original value” just a matter of setting the AutoDiscoverServiceInternalUri back to what it was?

          • Paul Cunningham says

            November 8, 2016 at 12:28 pm

            AutoDiscoverServiceInternalUri is the only thing you need to touch.

            “….you need to be aware of the Autodiscover SCP that the new server will be registering in Active Directory, and be prepared to change that immediately to match the Autodiscover URL for the existing server”

          • ndfan77 says

            November 8, 2016 at 2:23 pm

            Ah, very good. Thanks for the clarification! (And for the site and content. It is appreciated.)

  13. SILVIO TAVARES says

    October 22, 2016 at 11:01 pm

    PS1 dont working for me.

    Dont run in my windows 2016 powershell

    Error the signature

    Reply
    • SILVIO TAVARES says

      October 23, 2016 at 4:47 am

      I disabled WIndows Defender on Windows 2016…

      Reply
  14. IsmatSahar says

    October 1, 2016 at 2:05 am

    thanks sir,really awesome

    Reply
  15. IsmatSahar says

    October 1, 2016 at 2:04 am

    thanks sir,really awesome

    Reply
  16. Diego says

    September 30, 2016 at 9:46 am

    Now Exchange 2016 is compatibility on Windows Server 2016, because that from back months this not supported. Thanks

    Reply
  17. Joel Rennie says

    September 30, 2016 at 4:21 am

    Thanks!

    Reply

Leave a Reply Cancel reply

You have to agree to the comment policy.

Recent Articles

  • Changes in Microsoft 365 Apps Channels and Why You Should Care
  • A New Tool to Manage Exchange-related Attributes Without Exchange Server
  • Microsoft Launches Group Ownership Governance Policy
  • Making the Case for Identity Governance in Azure Active Directory
  • Prepare an Office 365 migration plan assessment using PowerShell

Copyright © 2022 Quadrotech Solutions AG · Disclosure · Privacy Policy
Alpenstrasse 15, 6304 Zug, Switzerland