Chia sẻ qua

Do you have, unsupported, .NET 4.6 on your Exchange Servers?

  • Bài viết

UPDATE: Support for .Net 4.6.1 is now available for Exchange Server 2016 CU2 and 2013 CU13

There are several posts on the steps to check if .NET 4.6 is installed on your Exchange Server, take action to remove it, and prevent .NET 4.6 from being installed again. When at customers, I said, "I wish there was one site that had all of the steps." So, here it is.

 

First of all, confirm that .NET 4.6 is unsupported on your version of Exchange: Exchange Supportability Matrix

 

 

Check if you have .NET 4.6 installed on your Exchange Server

Marc Nivens, at Microsoft, created an awesome script to check your Exchange Servers to see if they match Microsoft's recommendations. .NET version is one of the areas that it checks. The script is called:

Exchange Server Performance Health Checker Script

https://gallery.technet.microsoft.com/Exchange-2013-Performance-23bcca58

  1. Open Exchange Management Shell (EMS) on the newest version of Exchange in your environment
  2. You may need to adjust your Exchange Management Shell execution policy
    Get-ExecutionPolicy
    If it is not set to unrestricted, temporarily set it to unrestricted.
    Set-ExecutionPolicy unrestricted
  3. Copy the above script into your Exchange scripts directory
    1. Easiest way to do this is to type this in your EMS and paste the file in the directory:
      explorer $exscripts
  4. Go to the script directory in EMS
    cd $exscripts
  5. Run the Exchange Server Performance Health Checker Script against your Exchange Servers
    1. For Exchange 2013 servers:
      Get-ExchangeServer | ?{$_.AdminDisplayVersion -Match "^Version 15"} | %{.\HealthChecker.ps1 -Server $_.Name}
    2. For Exchange 2016 servers:
      Get-ExchangeServer | ?{$_.AdminDisplayVersion -Match "^Version 15.1"} | %{.\HealthChecker.ps1 -Server $_.Name}
  6. Review the results to see if .NET version 4.6 is installed in your environment

If .NET is currently installed on your Exchange Server, go through these steps. Otherwise, skip to the next section to prevent it from being installed

  1. If the server has already automatically updated to 4.6.1 and has not rebooted yet, do so now to allow the installation to complete
  2. Stop all running services related to Exchange.
    1. You can run the following cmdlet from Exchange Management Shell to accomplish this:  (Test-ServiceHealth).ServicesRunning | %{Stop-Service $_ -Force}
  3. Go to add/remove programs, select view installed updates, and find the entry for KB3102467.
  4. Uninstall the update.
  5. Reboot when prompted.
  6. Check the version of the .NET Framework and verify that it is showing 4.5.2.  If it shows a version prior to 4.5.2 go to windows update, check for updates, and install .NET 4.5.2 via the KB2934520 update.  Do NOT select 4.6.1/KB3102467.  Reboot when prompted.  If it shows 4.5.2 proceed to step 5.
    1. Open a command prompt and type:
      reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version
  7. Stop services using the command from step 2.
  8. Run a repair of .NET 4.5.2 by downloading the offline installer, running setup, and choosing the repair option.
  9. Reboot when setup is complete.
  10. Apply the February security updates for .NET 4.5.2 by going to Windows update, checking for updates, and installing KB3122654 and KB3127226.  Do NOT select KB3102467.
  11. Reboot after installation.
  12. After reboot verify that the .NET Framework version is 4.5.2 and that security updates KB3122654 and KB3127226 are installed.
  13. Follow the steps below to block future automatic installations of .NET 4.6.1.

Prevent .NET 4.6 from being installed on your Exchange Server

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

Note For security, stability, reliability, and servicing reasons, we recommend that you do not maintain this block for an extended time.

  1. Back up the registry.
  2. Start Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press Enter.
  3. Locate and click the following subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\NET Framework Setup\NDP
  4. After you select this subkey, point to New on the Edit menu, and then click Key.
  5. Type WU, and then press Enter.
  6. Right-click WU, point to New, and then click DWORD Value.
  7. Type BlockNetFramework461, and then press Enter.
  8. Right-click BlockNetFramework461, and then click Modify.
  9. In the Value data box, type 1, and then click OK.
  10. On the File menu, click Exit to exit Registry Editor.

Note Organizations do not have to modify the registry in environments that are managed through an update management solution, such as Microsoft WSUS or System Center Configuration Manager. Organizations can use these products to fully manage the deployment of updates that are released through Windows Update or Microsoft Update. The procedure that's discussed in this article is necessary only for computers that directly connect to and receive updates from Windows Update.

 

Go through the Check if you have .NET 4.6 installed on your Exchange Server section again and confirm that all your Exchange Servers do not have .NET 4.6

Reverse out the execution policy changed: Set-ExecutionPolicy remotesigned

 

 

Additional Readings (and a portion of the information presented above) :

On .NET Framework 4.6.1 and Exchange compatibility https://blogs.technet.com/b/exchange/archive/2016/02/10/on-net-framework-4-6-1-and-exchange-compatibility.aspx

Comments

  • Anonymous
    March 18, 2016
    This is the first time I came here. I, your blog, especially its discussion of the stuff is very entertaining. From the tons of comments on your articles, I guess I'm not the only one having all the enjoyment! Keep up the good work.


    http://www.lgnetworksinc.com/">Managed Services Dallas