Today we are re-releasing the August 2023 SUs for Exchange Server. The original release of the SUs (released on 8/8/2023) had a localization issue with Exchange Server running on a non-English OS that caused Setup to stop unexpectedly, leaving Exchange services in a disabled state.
The updated SUs resolve the localization issue, but if you were affected by the issue and used the workaround to install the original release, you need to act.
To help you understand the actions needed, we use the following naming convention to distinguish between the original August 2023 SU and the re-release:
- Aug SUv1: original August 2023 SU (released on 8/8/2023 with article KB5029388)
- Aug SUv2: re-released August 2023 SU (released on 8/15/2023 with article KB5030524)
The following table describes the actions you need to take based on your environment:
| If Aug SUv1… | And you… | Then, you should… |
| …was installed manually without any problems or issues | (no corrective action was needed) | Optionally install Aug SUv2 or install later SUs (when released) |
| …was installed automatically (Microsoft / Windows Update) without any problems or issues | (no corrective action was needed) | Aug SUv2 will be downloaded automatically. Install later SUs (when released) |
| …failed during Setup, and left Exchange services disabled | …restarted the Exchange services using ServiceControl.ps1 AfterPatch (or other means), but you did not install Aug SUv1 | Install Aug SUv2 and then later SUs (when released) |
| …failed during Setup, and left Exchange services disabled | …restarted the Exchange services using ServiceControl.ps1 AfterPatch (or other means), and you used the workaround to manually create a “Network Service” account and then installed Aug SUv1 | 1. Uninstall Aug SUv1 and reboot 2. Remove the manually created “Network Service” account (if it still exists) 3. Install Aug SUv2 and then later SUs (when released) |
| …was not/never installed | …want to keep your Exchange server up-to-date | Install Aug SUv2 and then later SUs (when released) |
Download links are updated in the August 2023 SU announcement blog post.
For any additional actions that might need to be done after your environment is updated to August 2023 SUv2, please see the original release blog post. You should always run Exchange Health Checker to know if any additional steps might be needed.
FAQs
We installed the original Aug SUv1 manually and had no problems. Do we need to install Aug SUv2?
No. In environments that have manually installed original release (Aug SUv1) and installation completed with no errors, installation of Aug SUv2 is optional.
We installed the original Aug SUv1 through Microsoft / Windows Update and had no problems. Will our server install Aug SUv2 automatically?
Yes. The version of re-released August SU package is higher than the version of the original August SU release and servers enrolled into getting updates through Windows Update will automatically get the new re-released version.
What are the differences between Aug SUv2 and Aug SUv1 update packages?
The only difference between original release and re-release of August 2023 SU package is the resolution of the localization issue that was causing the original release of August SU to fail on non-English OS servers. There are no other changes. The original release blog post, CVEs, and post-installation recommended actions still apply.
What would happen if we installed the Aug SUv1 by following the workaround and don’t uninstall it as recommended?
If you’re running Exchange Server on a non-English OS and were only able to install the Aug SUv1 by following the workaround we provided, you should uninstall the Aug SUv1 first. If you don’t remove the Aug SUv1, the requirement for the dummy “Network Service” account will remain and persist with any future SUs that are applied to the CU version that is installed on the machine.
In other words: If you used the workaround, and don’t uninstall Aug SUv1 but you delete the “Network Service” dummy account, then installation of Aug SUv2 (or later SUs) will fail with the same behavior as Aug SUv1.
If we need to uninstall Aug SUv1, will that have any impact on CVE-2023-21709 actions we already took?
No. Addressing CVE-2023-21709 either manually or by using the script that we provided is not directly related to installation of August 2023 SU package. Even if you remove Aug SUv1, you do not need to re-do anything you did to address CVE-2023-21709. The remaining August 2023 CVEs are tied to August SU package and installing Aug SUv2 (or later SUs, when released) will address those. If you have not yet addressed CVE-2023-21709, you can do so at any time.
We installed original Aug SUv1 using Windows Update and the full workaround (and we left the ‘Network Service’ account in place). When Microsoft re-released Aug SUv2, Windows Update installed Aug SUv2. We cannot uninstall SUv1 as it does not show installed anymore. Is there anything that we should do?
In this case, the requirement for the ‘Network Service’ dummy account carries forward. To break the chain of dependency on this account (started with Aug SUv1) we recommend you do the following:
- Uninstall SUv2 (because SUv2 replaced SUv1 on your server) and reboot
- Remove the “dummy” Network Service account
- Re-install SUv2 as if SUv1 never existed
Performing those steps will ensure that the dependency on the dummy ‘Network Service’ account does not carry forward to future SUs.
Changes to this blog post:
- 8/18: Added references to KB articles for two updates so they can be differentiated easier
- 8/18: Added a FAQ on what to do if SUv2 was already installed over SUv1 after full workaround was used
The Exchange Server Team
Read full article (Microsoft Exchange Blog)
All content and images belong to their respected owners, this article is curated for informational purposes only.
