Hello!
I had MS Exchange 2016 Standard CU23.
On premises server. (Not cloud server)
One server with all roles (I don't want to discuss its is good or bad, this is not topic right now...server protected bu cloud anti-spam and antivirus and firewall of course)
Everything was fine.
Version number was:
short format:15.1.2507.6
long format: 15.01.2507.006
I decided update it "Exchange Server 2016 CU23 May22SU"
I downloaded "Security Update For Exchange Server 2016 CU23 (KB5014261)" as "Exchange2016-KB5014261-x64-en.exe"
I run cmd (not Power Shell) with elevated prompt (run cmd as Admin) and put path for "Exchange2016-KB5014261-x64-en.exe", like c:\Exchange2016-KB5014261-x64-en.exe
Everything installed successfully. Update asked me to reboot, I did it.
Then I made this step:
"C:\Program Files\Microsoft\Exchange Server\V15\Bin\Setup.exe" /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains
( see: https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2016-and-2019-may-10-2022-kb5014261-cd5ecb59-a0eb-47ef-ae35-f62b13c8b817 )
And this did it again successfully.
All tests works fine. Mail flow OK (internal and external).
I used "HealthChecker.ps1" power shell script... - everything (except small problems) was fine.
NOTE:
15.01.2507.006 <- build number for "Exchange Server 2016 CU23 (2022H1)" withOut "...CU23 May22SU" - before update.
15.01.2507.009 <- build number for "Exchange Server 2016 CU23 (2022H1)" with "...CU23 May22SU" - it means PROPER build number, after update!
Proper Version for
"Security Update For Exchange Server 2016 CU23 (KB5014261)" as "Exchange2016-KB5014261-x64-en.exe"
is: short format: 15.1.2507.9 long format: 15.01.2507.009
But AFTER installed update I have:
In Active Directory server:
DSQUERY.exe * "CN=CompanyDomain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CompanyDomain,DC=com" -Scope base -Attr msExchProductId
msExchProductId
15.01.2507.006 <-wrong, old build number
In MS Exchange (one single server with all roles):
"Get-ExchangeServer | Format-List Name,Edition,AdminDisplayVersion" gives this: "AdminDisplayVersion : Version 15.1 (Build 2507.6)" <-wrong, old build number
GUI (Exchange Control Panel ->Servers ->Servers->Version ) gives me "Version 15.1 (Build 2507.6)" <-wrong, old build number
"GCM exsetup |%{$_.Fileversioninfo}" gives this:
ProductVersion FileVersion FileName
15.01.2507.009 15.01.2507.009 C:\Program Files\Microsoft\Exchange Server\V15\bin\ExSetup.exe <-correct, new, updated build number!
in registry on Exchange, here:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\442189DC8B9EA5040962A6BED9EC1F1F\Patches\2DBA4A03E20C50240BB449DC957C8F72]
"DisplayName"="Security Update for Exchange Server 2016 Cumulative Update 23 (KB5014261) 15.1.2507.9" <-correct, new, updated build number!
File version checking in explorer gives version: 15.01.2507.009 <-correct, new, updated build number!
So...some version numbers are outdated - ".006"
others - OK, updated, correct - ".009"
My questions are:
- why it is happened?
- did I do everything proper? Or I have to be ready for problems?
- how can I fix this?
P.S.:
I've read a lot of information about similar problems...
Some of people speak - don't worry, It happens, not always proper build version (in case of SU) is set correctly.
Some of them told - perhaps it was not enough rights (of course I did update from account with Domain Admin, Enterprise Admin and max Exchange Admin account!)
Some of them gives advice use ADSIEdit to edit version in AD here: CN=configuration,DC=CompanyDomain,DC=com -> CN=Services ->CN=CompanyDomain->Properties
->msExchProductID = 15.01.2507.006 to correct->15.01.2507.009
of course I can edit it, and DSQUERY.exe will show new edited version.....but I'm not sure this is REALLY solve problem...and this will be CONSISTENT...and in this case "AdminDisplayVersion" still shows wrong old version (I guess AdminDisplayVersion is coded in different place)
Some of them told about Edge Transport wrong version - this is not my case, I have only one exchange server, there are no any dedicated edge servers.
and of course I've read a lot of other information...