This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 56.00000000000001%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
I am having continuing issues with Windows update not properly detecting all necessary security updates for Exchange 2016 CU22 running on Windows Server 2016. The current example of this is with KB5008631. Windows update indicates "Your device is up to date." but the Exchange Health Checker script indicates KB5008631 is not installed. I have also confirmed this by running get-hotfix in powershell.
It seems like this has happened with the last several security updates for CU22. I'm able to install them manually via an elevated command prompt just fine but can't determine why Windows update sees these as missing.
We are not using any patch management system on this server and have always just ran windows update manually during maintenance windows. As far as I can tell the server is configured to go directly to the internet for updates but maybe I'm missing something.
PS > $MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
PS > $MUSM.Services | select Name, IsDefaultAUService
Name IsDefaultAUService
Windows Update True
Any help in troubleshooting this would be appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 83%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
You probably need to activate Microsoft Update
(new-object -c "Microsoft.Update.ServiceManager").AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")
Hello @Sam Kear
Firstly, I would recommend you to always use the latest Exchange Health Check app, as there are frequent "tweaks" to the script due to some issues reported by the community.
On the other hand, it usually roots to the fact that the KB in question was not execute with elevated privileges, and there for some files or changes may be missing, or versions don't match.
Hope this helps with your query,
---------
--If the reply is helpful, please Upvote and Accept as answer--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 20%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAX%3C/text%3E%3C/svg%3E)
Hi @Sam Kear ,
You could follow the link to download andrun the healthchecker script to check the Exchange build number.
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
Or you could check the Exchange version on control panel.
The Exchange server version in my test lab is 15.1.2375.12.
According to the document, so it is Exchange server 2016 CU22 Oct21SU.
If you have installed the latest Su, the version number will be 15.1.2375.18.
You could get more details of the exchange build numbers from this document.
https://learn.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for your response. I have confirmed we are running build number 15.01.2375.017 which indicates the Nov21SU is installed but not the Jan22SU. Windows Update indicates "Your device is up to date." so I'm not sure why it's not detecting that the server still needs the Jan22SU for exchange (KB5008631). It is normal behavior that Exchange SUs need to be manually installed? The message from windows update is simply wrong in this case.
Hi @Sam Kear ,
Yes, it's the normal behavior.
Windows would show the update of windows system, not the exchange
.
We recommend you to install the Jan22su through the CMD.
You could follow below steps to install it. (In this case, I was installing the NOV22su. Same as the Jan22Su)
1.Download the Jan22su from this link.
https://support.microsoft.com/zh-cn/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-january-11-2022-kb5008631-2ee4d1f3-8341-4a4d-86be-4b73bc944f1b
2.Select Start, and then type cmd.
3.Right-click Command Prompt from the search results, and then select Run as administrator.
4.If the User Account Control window appears, select the option to open an elevated Command Prompt window, and then select Continue. If the UAC window doesn’t appear, continue to the next step.
5.Type the full path of the .msp file for the security update, and then press Enter.
For example, my security update ‘s Installation package is in C:\Users\Administrator.CONTOSO\Downloads.
So I typed C:\Users\Administrator.CONTOSO\Downloads\ Exchange2016-KB5007409-x64-en.msp in CMD
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Sam Kear ,
It's been a while, is there any update?
If the above suggestion helps, please click “Accept as answer” to mark helpful reply as an answer. Your action would be helpful to other users who encounter the same issue and read this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 11%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hi @Aaron Xue-MSFT ,
so, there is nothing I can do to ensure that the Exchange SUs get automatically detected by windows update?
If so, does anybody know a method to automate the installation of Exchange SUs?
Thanks ahead!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 13%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
I (the company I work for) have a quite a few clients having this same issue. Some are not. Sam, are you still having this issue?
I have a case open with MSFT windows team. He is saying it is a GPO conflict. I removed the WU policies without success. Noticed the WU policy has "Give me updates for other Microsoft products when I update Windows" enabled in the GP for WU and is not checked in WU GUI and is Grey'd out. WU does detect .Net and other MSFT updates. Just not Exchange.
I have a client that pulls updates directly from MSFT. They do not have any issues detecting SU's.