Upgrading Exchange Server 2019 CU14 to CU15 on Windows Server 2022

Hey Checkyourlogs Fans,

Upgrading Microsoft Exchange Server 2019 from Cumulative Update 14 (CU14) to Cumulative Update 15 (CU15, KB5042461) is a critical maintenance task that brings your server to the latest supported build. CU15 (released Feb 10, 2025) is the final planned CU for Exchange 2019 and introduces new features (like partial TLS 1.3 support and Extended Protection by default) along with many fixes. This guide provides a comprehensive, step-by-step walkthrough for a single-server Exchange 2019 environment on Windows Server 2022. We’ll cover pre-upgrade health checks, the upgrade process (with both GUI steps and PowerShell commands), post-installation validation, and common troubleshooting tips.

Note: Always perform such upgrades during a planned maintenance window and test them in a lab environment first, if possible. Ensure you have a reliable backup of your Exchange server and Active Directory before proceeding. Keep in mind that once you upgrade to CU15, you cannot roll back to CU14 except by restoring from backup (uninstalling the CU will remove Exchange entirely).

Prerequisite Health Checks Before the Upgrade

Before installing CU15, take time to verify the health and readiness of your environment:

• Backup and Recovery Plan: Verify that you have a current backup of Exchange (including databases and configuration) and, ideally, an Active Directory system state backup. If using virtual machines, you may take a VM snapshot as an additional safety measure (although not officially supported by Microsoft for long-term use). In case of a failed update, a snapshot or backup can help you recover quickly.
• Server & OS Updates: Ensure Windows Server 2022 is fully patched with the latest updates, and reboot the server beforehand to clear any pending reboot flags. The exchange setup will not run if a prior reboot is pending. After reboot, confirm no Windows Update operations are still in progress.
• Exchange Services Health: Check that all Exchange services are running and healthy before the upgrade. You can use the Exchange Management Shell (EMS) command Test-ServiceHealth to verify required services status. If any essential service (like the Exchange Transport, Mailbox Assistants, RPC Client Access, etc.) is stopped or failing, resolve those issues first. Also, ensure the Remote Registry service is enabled (set to Automatic) as Exchange setup requires it.
• Active Directory Health: Verify your Active Directory is healthy and replicating properly. Run DCdiag on domain controllers and repadmin /replsummary to check for replication errors. All domain controllers should be reachable. Exchange relies on AD, and the CU15 update will make changes to the Configuration partition of AD, so AD issues can cause setup to fail. Also ensure you are logged on as an account with Schema Admins and Enterprise Admins rights (if you plan to have setup extend schema or AD). In this specific CU15 case, no schema update is required (schema stays at version 17003 for Exchange 2019), but there are updates to the AD configuration container (to version 16763) which require Organization prep permissions.
• Exchange Schema Version Check: It’s good practice to confirm your Exchange AD schema is already up-to-date from previous CUs. Since you are on CU14, your schema should already be at the required version for Exchange 2019 (v17003) and will remain unchanged by CU15. If your environment had been several CUs behind, you would need to run /PrepareSchema and /PrepareAD manually. For CU15 from CU14, schema prep is not needed (no new schema), and the AD configuration update will be done during setup (provided your account has the necessary permissions).
• Verify .NET Framework: Ensure the .NET Framework 4.8 (or later, if supported) is installed on the Exchange server. Exchange 2019 CUs have specific supported .NET versions, and newer CUs typically require .NET 4.8. Windows Server 2022 comes with .NET 4.8 in the OS, so this is usually already satisfied. If the server was upgraded from an older OS or .NET was downgraded, reinstall .NET 4.8 and reboot before proceeding. (You can check the .NET version via registry or PowerShell; .NET 4.8 corresponds to Release >= 528040.)
• Disk Space: Ensure there is sufficient disk space on the system drive and the drive containing Exchange binaries. Cumulative Update packages are large (the CU15 ISO is around 6+ GB) and during installation, files are copied to the Exchange setup folder (e.g. C:\ExchangeSetupLogs and temporary folders). The Exchange Server 2019 CU15 ISO (ExchangeServer2019-x64-cu15.iso) – after downloading (in the next step), you may verify this to ensure your download is intact.
• Antivirus and Monitoring: Temporarily disable or halt any antivirus or backup agents that might lock Exchange files during the update. Such software can interfere with service stoppage or file replacement. Also, if you have system monitoring or third-party agents, consider pausing them to avoid false alerts or interference.
• Maintenance Mode (Single Server): Even in a single-server environment, it’s wise to quiesce Exchange services to flush queues and stop new connections. Notify users of the planned downtime. You can manually stop the Transport service to stop mail flow, but an even cleaner approach is to use Exchange’s maintenance mode cmdlets:
  • In EMS, set the HubTransport component to draining:

Set-ServerComponentState YourServerName -Component HubTransport -State Draining -Requester Maintenance

For single-server, you skip the message redirect since there’s no alternate server. (In multi-server environments, you’d use Redirect-Message to another server.)

• • Restart the transport service to apply the drain state:

Restart-Service MSExchangeTransport

• • Next, put the server into a global offline state so it won’t serve client requests during the upgrade:

Set-ServerComponentState YourServerName -Component ServerWideOffline -State Inactive -Requester Maintenance

This marks the server as in maintenance mode (stops accepting client connections, DAG activation, etc). (If the server were part of a DAG, you’d also run the Start-DAGServerMaintenance.ps1 script to pause clustering and move active databases, but for a single standalone server this isn’t applicable.)

• • Finally, ensure the mail queue is empty or nearly empty: run Get-Queue in EMS. Any remaining messages will retry after the server comes back, but draining ensures no active processing is interrupted.
• Custom Configurations: Take note of any custom Exchange or IIS configuration you have in place. Installing a CU can overwrite settings in Exchange configuration files (like web.config, transport config files, etc.) and reset certain OS-level settings (TLS registry settings, etc.). Since Exchange 2019 CU13, the setup will automatically backup and restore many common custom config changes to mitigate this, but it’s still best to have your own record. For example, if you customized web.config for EAC/ECP or adjusted the max attachment size in config files, be prepared to reapply those if needed (or verify the setup’s auto-restore worked). Similarly, if you hardened TLS cipher suites or Schannel settings at the OS level, note that those should be rechecked after the update.
• Permissions: Confirm the account performing the upgrade is a member of the Organization Management role group in Exchange (required for any Exchange install/uninstall). Additionally, because this upgrade will run AD preparation tasks, the account should ideally be a Schema Admin and Enterprise Admin (setup will try to update AD schema or config as needed). For CU15 specifically, Schema Admin may not be strictly required since no new schema, but Enterprise Admin is needed for the PrepareAD (organization) changes. If you prefer, you can manually run the AD prep steps in advance (using an EA/SA account) and then run the CU update with a lower-privileged account – see next section.
• Exchange Health Checker (Optional): Microsoft provides an Exchange Health Checker script (available via the PowerShell Gallery or GitHub) that can be run before and after the update to highlight any issues. Consider running it prior to upgrading to catch any misconfigurations. After the upgrade, run it again to verify everything is up-to-date (the Health Checker will also tell you if any Security Updates are missing, etc.).

With all the prerequisites checked off and the system in a quiescent state, you’re ready to proceed with the CU15 installation.

Downloading and Verifying CU15 (KB5042461)

1. Download the CU15 Package: Cumulative Update 15 for Exchange 2019 is available from Microsoft as an ISO file (around 6 GB). Obtain it from either:
   • The Microsoft Volume Licensing Center (if you have volume license access), or
   • The Microsoft Download Center (public download). Microsoft’s official link for CU15 is labeled “Microsoft Exchange Server 2019 Cumulative Update 15 – Download the package now”. Use the official source to avoid corrupted or tampered files.
2. Verify Download Integrity: After downloading, verify the SHA-256 hash of the ISO matches the value provided by Microsoft (to ensure the file is not corrupted):
   • Expected SHA-256 for ExchangeServer2019-x64-cu15.iso.
3. Check Release Notes: It’s a good idea to read the official release notes or KB article for any special instructions. For example, CU15 has a known issue with the Edge Transport service if journaling with Azure RMS decryption is used (discussed later). The release notes also mention that you cannot deploy CU15 if Exchange 2013 exists anywhere in the org (CU15 setup will block installation if it detects Exchange 2013 servers). In a pure 2019 environment this is not a concern, but if you had older versions, heed that warning.
4. Plan for Downtime: Inform users that Exchange services will be offline during the update. In a single-server environment, this means mail flow and client access will be down until the upgrade and reboot are complete. The update can take significant time (Microsoft estimates ~180 minutes for the process, though it can be shorter or longer). Factors include machine performance, number of mailboxes, and whether AD prep has to replicate, etc. Allocate a comfortable maintenance window (e.g., late night or weekend).

Now that we have the CU15 installer ready and verified, we can proceed to the installation steps.

Step-by-Step: Installing Exchange 2019 CU15 (GUI Method)

We will use the Exchange Setup Wizard (GUI) to perform the upgrade. These steps assume you’re performing the update on the Exchange server itself, logged in with an admin account. (If you prefer using command-line unattended mode, see the note at the end of this section.)

Step 1: Prepare the Server for Installation

• Ensure all the prerequisite checks from the earlier section are done (especially server rebooted, maintenance mode set, and antivirus disabled).
• If you haven’t already, mount the CU15 ISO on the Exchange server. In Windows, you can right-click the ISO and choose “Mount”, which will assign it a drive letter (for example, E:). You can also extract the ISO contents to a folder if preferred.

Step 2: Launch the Exchange Setup Wizard

• Using File Explorer, open the mounted ISO drive (e.g. E:) and run Setup.exe as Administrator (double-clicking should prompt the GUI to start).

• If prompted by User Account Control (UAC), confirm you want to run it.

Step 3: “Check for Updates?”

• The Exchange Setup wizard will first ask whether you want to check for online updates for the setup program (this is not checking for new Exchange CUs, but any setup-related updates/hotfixes). You have two options:
  • Connect to the Internet and check for updates – Recommended if the server has internet access. Setup will download any available updates for the installer.
  • Don’t check for updates right now – If the server is offline or you prefer to skip, choose this.
• Make your choice and click Next. (If checking online, it may take a moment on a “Downloading Updates” screen before proceeding.)

Step 4: Copying Files

• Setup will initialize and copy installation files to a temporary location on the server. You’ll see a “Copying Files” progress bar. (By default, it copies files to the Windows temp directory or ExchangeSetupLogs folder.) Wait for this to reach 100%.

Step 5: Upgrade Detection

• Once files are copied, the wizard should detect the existing Exchange installation. You should see an “Upgrade” page indicating that Exchange Server 2019 is already installed and will be upgraded to CU15. (If, instead, it looked like a new install, abort the process – you might have launched the wrong setup or on the wrong machine.)
• Click Next to continue.

Step 6: Accept License Agreement

• On the License Agreement page, read the software terms (if you wish). You must select “I accept the terms in the license agreement” to proceed. Then click Next.

Step 7: Readiness Checks

• The setup will perform prerequisite checks (Readiness Checks) to ensure your server meets all requirements for CU15. This includes checking OS version, prerequisites (like .NET, UCMA, Visual C++ libs, etc.), available disk space, AD permissions, etc.
• If all checks pass, you will see a green check and the Install button will become available.
• If any check fails, you will see errors listed. You must fix any errors before you can proceed (the Install button will be greyed out). Common issues might be:
  • Not enough disk space.
  • Required OS components missing (though if Exchange was working, likely all are present).
  • .NET version not supported.
  • AD preparation not done or permissions issue (e.g., if your account isn’t Enterprise Admin and the setup can’t update AD, it might throw an error at this stage).
• If you get an error like “The well-known object entry … points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.”, this refers to a stale object in AD (the “well-known object” error) blocking PrepareAD. You’ll need to remove that bad reference from AD (using ADSI Edit or a provided script) and rerun setup – see Troubleshooting section below.
• Warnings might also appear (for example, a warning that the IIS Admin service will be restarted, etc.). Warnings do not block installation, but review them in case any action is suggested.
• Once any errors are resolved, click Retry to run the checks again. When you have a clean bill of health (all prereqs met), click Install to begin the upgrade.

Step 8: Installation Progress

• The setup will now perform the actual upgrade. You’ll see a “Setup Progress” page with a status bar. There are multiple steps that run sequentially, such as:
  • Organization Preparation (this updates the AD configuration partition with any changes for CU15).
  • Stopping Services – Exchange services will be stopped.
  • Copying Exchange Files – New binaries are installed.
  • Language Files Upgrade – Updating language packs.
  • Executing intermediate steps – There may be steps to update the mailbox database schema, transport, client access components, etc.
  • Finalizing Setup – Completing installation and starting services.
• Be patient during this process. It can easily take 30 minutes or more, and some steps (like Language Files or Mailbox role upgrade) might seem slow. The GUI will eventually show each step as “Completed” as it goes. Do not interrupt the setup or reboot during this phase.
• If the setup fails mid-way (red X on a step), it typically will rollback changes. Check the error output or log file (C:\ExchangeSetupLogs\ExchangeSetup.log) for specifics. Most failures at this stage are environmental (e.g., AD issues, file locks, etc.). See Troubleshooting for guidance on common failures.

Step 9: Completion and Reboot

• When setup finishes, you should see a “Setup Completed” page indicating a successful upgrade. It may also remind you to reboot the server. Click Finish.
• Reboot the server now (if the wizard doesn’t reboot it automatically). A restart is required to finalize certain changes (such as registry updates and to ensure all services start cleanly on the new version).

Exchange Setup Wizard progress during CU update (example from Exchange 2016 CU, but the process is similar). The upgrade will go through multiple steps like Organization Preparation, stopping services, copying files, etc., before completion.

Unattended Upgrade (Optional): As an alternative to the GUI, you can perform the upgrade via an elevated command prompt or PowerShell. For example:

E:\Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms_DiagnosticDataON

This will run the upgrade in console mode with defaults. (Note: The /_DiagnosticDataON or OFF suffix on the accept terms switch is required for CUs released after Sept 2021.) Using the command-line is useful for automation or when you can’t use the GUI. Make sure to still run the prerequisite AD prep commands manually if needed. The rest of the process and required reboots are the same.

Post-Installation: Validation and Follow-Up Steps

After the server has rebooted, perform the following to verify the upgrade was successful and Exchange is fully functional:

• Verify Exchange Version: Open the Exchange Management Shell and run:

Get-ExchangeServer -Identity YourServerName | Format-List Name, AdminDisplayVersion

The AdminDisplayVersion should now show the new build number for CU15. For Exchange 2019 CU15, it should read 15.2.1748.10 (or higher, if additional security hotfixes have been applied). You can also check the Exchange Admin Center (EAC) GUI – the server version in the “Servers” section or the About dialog should reflect CU15.

• Check Exchange Services: Confirm that all Exchange services are running. You can use Test-ServiceHealth in EMS to list any required services that are not running. Alternatively, use
• Get-Service *Exchange* | Where-Object {$_.Status -ne “Running”} to see if any
• Exchange service is stopped. Important ones to check: Microsoft Exchange Transport, Mailbox Assistants, Unified Messaging (if used), Exchange RPC Client Access, Exchange Information Store, Exchange Health Manager, etc. Also verify IIS services (WAS, W3Svc) are running since Exchange depends on them.
• Event Logs: Open Event Viewer -> Windows Logs -> Application. Look for any errors or warnings from “MSExchange*” sources after the upgrade time. A successful upgrade might log informational events about upgrade success and each service starting. Pay attention to any failures or repeated crashes (for example, if the EdgeTransport service is restarting repeatedly, see the Troubleshooting section regarding a known issue with journaling).
• Exit Maintenance Mode: If you put the server in maintenance mode earlier, bring it back online:
  • In EMS, reactivate server components and transport:

Set-ServerComponentState YourServerName -Component ServerWideOffline -State Active -Requester Maintenance

Set-ServerComponentState YourServerName -Component HubTransport -State Active -Requester Maintenance

Restart-Service MSExchangeTransport

• If you temporarily removed this server from DNS or a load balancer for maintenance, add it back now.
• Test Client Access: Have a user (or test account) log on to OWA (Outlook Web App) and EAC (Exchange Admin Center) to ensure the web services are working. Check connectivity via Outlook (MAPI) and mobile devices. Running the PowerShell cmdlet Test-OutlookWebServices or Test-OwaConnectivity (from the Exchange toolbox or EMS, if properly configured) can help verify the services.
• Test Mail Flow: Send a test email to and from an external account. Ensure messages are delivered and there are no queuing issues. Also test internal mail flow between mailboxes. You can use the Exchange cmdlet Test-SmtpConnectivity or simply observe the transport queues (Get-Queue should show nothing backing up significantly).
• Health Checker and Monitoring: Run the Exchange Health Checker script again now that CU15 is installed, to identify any issues. This script will also confirm if the Active Directory configuration version is correct and if all required security patches are applied. Additionally, re-enable any monitoring or antivirus services that were disabled, and monitor the server closely for a day or two for any errors.
• Reapply Customizations (if needed): Exchange CU installation might have reset some custom settings. The good news is, starting with recent CUs, many common custom configs are auto-preserved. For example, custom OWA settings or max attachment sizes in config files are often backed up and restored by the installer. Nonetheless, double-check any particular customization:
  • Custom IIS settings (SSL bindings, auth settings) in most cases remain unchanged, but verify if you had any non-standard config.
  • If you previously tweaked registry settings for protocols (e.g., TLS settings), ensure they are still as intended.
  • If you had custom branding (like a custom OWA logon page), you may need to reapply those files if they were overwritten.
• Schema/AD Version Check (post-upgrade): Since CU15 introduced no new schema, your AD schema version should remain at 17003 (if it was that before). The configuration partition version should now be updated (to 16763). Although not usually needed to check manually, advanced admins can verify this via ADSI Edit or the Exchange Management Shell:
  • To check schema version via PowerShell:

Get-ADObject (Get-ADRootDSE).SchemaNamingContext -Property objectVersion

(Exchange 2019 objectVersion would be 17003 for latest schema).

• • To check config version, you could check the objectVersion attribute of CN=Microsoft Exchange,CN=Services,CN=Configuration,<ForestDN> – but this is generally for curiosity. If setup succeeded, it did its job.

At this stage, your Exchange 2019 server should be running CU15 and functioning normally. It’s wise to keep an eye on the server for any unusual behavior in the next few days (frequent event log errors, performance issues, etc.), but typically if the above checks pass, you are in good shape.

Common Issues and Troubleshooting Tips

Even with careful preparation, you might encounter issues during or after the CU15 upgrade. Here are some common problems and their solutions:

• AD Schema/PrepareAD Failures: If the setup fails during the AD preparation stage (Step 1 of the upgrade) with an error, it’s often due to permission issues or AD object issues:
  • Insufficient Permissions: The setup may error if your account didn’t have rights to modify the schema or configuration. In this case, run the prep steps manually. For example, run Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms_DiagnosticDataON with an Enterprise Admin account (and if schema were needed, /PrepareSchema with Schema Admin account). Once AD is prepared successfully (check Exchange Organization and domain updates are applied), re-run the CU15 setup.
  • Well-Known Object (WKO) Error: As mentioned, if you see an error referencing otherWellKnownObjects attribute and a GUID (e.g., something like “CN=Recipient Management… points to an invalid DN or a deleted object”), it means Exchange setup found a stale AD object reference. This is a known issue that can happen if an Exchange-related AD object was deleted improperly in the past. Solution: Use ADSI Edit to remove the specific entry from the CN=Microsoft Exchange,CN=Services,CN=Configuration,… container’s otherWellKnownObjects attribute very carefully, or use a community script that automates removal of orphaned WKOs (as referenced in some Exchange forums). Always backup AD (or that attribute’s values) before deletion. After removing the offending entry, rerun the setup’s PrepareAD (or the whole setup again) – it should proceed past that point.
• Setup Freezes or Hangs: If the GUI setup appears to hang for a very long time on a particular step (e.g., Stopping Services or Intermediate Steps):
  • Check the Exchange Setup log (C:\ExchangeSetupLogs\ExchangeSetup.log) to see if it’s actively updating. Sometimes the GUI doesn’t update while a long operation runs (like a schema update or a large data import). If the log is still moving, give it time.
  • If it truly seems stuck, check for any pop-up messages or hidden prompts (ALT+Tab) – occasionally a Windows Installer or other prompt might be waiting (though rare for CUs).
  • Service not stopping: It may hang if a service cannot stop. Open Services.msc and see if any Exchange service is stuck in “Stopping” state. Common culprits include Search (Exchange Search Host Controller) or Transport. You might need to kill the process associated with a stuck service (e.g., MSExchangeTransport.exe or Microsoft.Exchange.Search.Service.exe) to allow setup to continue. After terminating a stuck process, setup usually proceeds.
  • Deadlocked setup: In worst cases, if the setup is unresponsive and log hasn’t updated for a long time, you might have to end the setup task and reboot the server. Since Exchange setup has recovery mechanisms, on reboot it may attempt to continue or you can re-run the setup. Do not cancel the setup unless you have no other choice – always prefer to let it try to rollback if it can.
• Service Startup Issues After Upgrade: If after reboot some Exchange services fail to start:
  • One known issue (fixed in earlier CUs) was the Service Host service failing to start and causing Exchange to not fully function. If something like that occurs, check the event logs for service-specific errors. Often, simply restarting the service manually works. If a service is repeatedly crashing, gather the event details to investigate further or open a support case.
  • EdgeTransport constant restarting (Journaling & RMS): After CU15, you might notice the Transport service (EdgeTransport.exe) crashing and restarting every few minutes, especially if you have Journaling with IRM enabled. This is a known issue in CU15 (and Nov 2024 SU) where Azure RMS protected messages in the journal cause a crash. Symptoms include event ID 10003 (PoisonMessage) errors in Application log when it tries to decrypt a message. Microsoft has provided a workaround and fix:
    • Workaround: Disable the new RMS encryption agent introduced in that update by creating a setting override. In EMS, run:

New-SettingOverride -Name "DisableMSIPC" -Component Encryption -Section UseMSIPC -Parameters @("Enabled=false") -Reason "Disabling MSIPC stack"

Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh

Restart-Service MSExchangeTransport

This stops Exchange from using the problematic RMS decryptor, preventing the crash. Mail will flow, though Journal Report Decryption will be effectively off.

• • • Permanent Fix: Microsoft released a Hotfix Update 2 (HU2) for CU15 on May 29, 2025 (KB5057651). Applying that patch resolves the issue so the override isn’t needed long-term. After installing the hotfix, you can remove the override via Remove-SettingOverride (as shown in the KB) and refresh the config.
    • This issue might not affect you if you don’t use journaling with IRM, but it’s good to be aware in case you see the symptoms.
• Extended Protection and Authentication Issues: CU15 enables Extended Protection for authentication by default on Exchange virtual directories. Extended Protection is a security feature to mitigate man-in-the-middle attacks for Windows auth. In some environments with certain load balancers or older clients, this could potentially cause authentication failures. If after CU15 you notice, for example, Outlook prompting repeatedly or EAC/OWA auth issues:
  • Review the TechCommunity announcement and documentation on Extended Protection with Exchange. It might require updating configurations on your load balancer to support proxying with Extended Protection tokens.
  • If necessary, Extended Protection can be disabled on Exchange URLs, but only do so if you understand the security implications. (Microsoft provides guidance for toggling it via an IIS configuration or script.)
  • Generally, most up-to-date clients and simple deployments won’t have an issue, but it’s a new default, so keep an eye on authentication behavior.
• Out-of-Date .NET or Visual C++: If the setup threw an error about .NET or a VC++ redistributable, install the required version and retry. Exchange 2019 CU15 requires .NET 4.8 (which we covered) and certain Visual C++ 2012 and 2013 runtime libs (these should already be present from the original install). The Exchange setup logs will call out if anything is missing.
• Retention of Customizations: As noted, CU15’s setup should preserve many custom config file changes. If you find after upgrade that something reverted (for example, custom message size limits in config), check the backup files Exchange setup made. They typically get stored in the Exchange installation path under a folder like .bak with timestamps. You can manually restore settings from those if needed.
• Supportability: Remember that in on-premises Exchange, you are supported if you’re on the current or immediately previous CU (n or n-1). Now that you’ve upgraded to CU15, you should plan to apply Security Updates as they are released for CU15 (Microsoft will continue to provide security fixes until Exchange 2019’s end of support). CU15 being the last CU means future security patches will target CU15. If you ever lag behind (e.g., staying on CU14), you’d fall out of support once new security patches assume CU15 as baseline.
• Multiple Servers / DAG environments: (Not directly applicable to a single-server scenario, but worth noting) The general advice is to upgrade internet-facing Mailbox servers first, one at a time, then non-internet-facing, and lastly Edge Transport servers. Always put DAG members in maintenance mode, drain databases, etc., as per standard procedure. Since our scenario was a single-server, we didn’t detail DAG steps, but if you had a DAG, ensure databases fail over and re-balance after all nodes are updated.

By following this guide, you should have a smooth upgrade from Exchange 2019 CU14 to CU15. CU15 positions your Exchange 2019 for the future — it’s a stepping stone to the upcoming Exchange Server Subscription Edition (SE) and ensures you have all the latest fixes and security improvements (including support for TLS 1.3 on Windows Server 2022+). Always keep your Exchange server up-to-date and monitor the Exchange Team’s blog or TechCommunity for any last-minute notices or scripts (for example, security advisories or one-off scripts to run post-update).

Final Tip: If you haven’t already, consider running the Exchange Hybrid Configuration Wizard (HCW) after the upgrade if your server is in a hybrid deployment with Exchange Online. Sometimes CU updates can reset OAuth certificates or other hybrid parameters, and rerunning HCW ensures hybrid mail flow and features continue to work properly. Also, if you use Exchange-specific third-party plugins or applications (backup software, AV agents, etc.), ensure they are compatible with CU15.

Congratulations on your successful upgrade to Exchange 2019 CU15! Your server is now on the latest (and last) cumulative update for Exchange 2019, setting you up for continued support and a smoother path to Exchange vNext or Subscription Edition when the time comes.

 

Thanks,

Dave Kawula – MVP