Thursday, June 18, 2015

KB 3062157 Breaks Single Role Exchange 2013 Servers

It appears that there may be problems, in at least some cases, when you apply KB 3062157 to servers running Exchange Server 2013 SP1 or later. It will break web services such as OWA, ActiveSync, EWS, and ECP.  The KB is meant to address vulnerabilities described in Microsoft Security bulletin MS15-064.

The good news is that this problem appears to affect only  single role servers and not multi-role servers. Since most deployments have multi-role servers that will limit the impact.

If you deploy this update and experience problems, removing the update should resolve the issue and get the server functional again.

This update is also included as part of CU9 and doesn't appear to have the same issues when installed as part of CU9. A commenter on the blog below had problems with KB3062157, uninstalled that update, and installed CU9 without issue.


  1. How do we uninstall the KB? When I try it asks me for my Exchange installation disk and appears to be uninstalling all of SP1 and not just the KB?

  2. I don't want to leave you hanging on this, but I've never had the displeasure of needing to remove it. I would expect that removal of the KB from add remove programs would be the way to go. Make sure you're selecting just that update and not Exchange Server overall.

    Worst case scenario, have the CU9 or CU10 install files ready to go and you can do a recovery installation with those files to bring things back.