Because we have to support newer Exchange Versions early, we decided to update to Exchange 2016 early. With CU4, we decided to upgrade all servers to Windows Server 2016. The Exchange boxes where the last Windows 2012R2 boxes in our productive Active Directory then.
The point where some things starting to go wrong! The performance was not optimal, and we found some issues with Get-Help! Now CU5 is released, and the downhill trail continues and things get worst!
We still have the Get-Help issue (like some other), and the Edge Role is very unstable and some of the services crash. A few days later, Microsoft released a Blog post „Exchange Server Edge Support on Windows Server 2016 Update.” In short: Do NOT use the Edge Role on Windows 2016!
If you have already updated the Servers to Windows Server 2016, do NOT install KB4013429, if you previously did you might better remove it before your servers get unstable. And the removal of the on Premise AntiSpam Filter could also help (see bellow).
However, keep in mind: It is highly recommended to use Windows Server 2012R2 as Operating System for an Exchange 2016 Edge Server, Windows 2012 seems to be still OK.
Ah, and by the way: The on Premise AntiSpam Filter is depreciated! Microsoft recommends you to use Exchange Online Protection (EOP) or a solid 3rd party solution in the future. Run the Uninstall-AntiSpamAgents.ps1 from the \Scripts folder created by Setup during Exchange installation.
There are a lot of options to get a good and solid Spam filtering in front of your exchange Servers! Many will prefer a hosted solution (cause this is very convenient) or Cloud Service. Some of these services are hosted outside of the European Union, so you should check your legal requirements before moving towards such a service.
Some security vendors also have Mail Security and Spam Filter options, so just check your product and contact your partner/vendor.
We removed our Edge Servers by replacing them with some small Postfix Boxes. We run them on Centos 7 and filter based on RBL/URBL filtering and a lot of Spam Assassins filters. These boxes are located in a dedicated DMZ zone, for the inbound and outbound instances.
Why this might be interesting: Exchange 2007 reaches his end of life on April 11th. (tomorrow)! If you think about a move towards Exchange 2016, you might want to think about the operating system. And at the Moment I cannot really recommend Windows Server 2016 as Operating System for Exchange 2016. It will work for most cases, but it looks like Windows 2012R2 is the better option! At least for now.
If you run Exchange 2013, my recommendation is even easier: Go to the latest CU (16, for now) and stay where you are. Don’t get me wrong: Exchange 2016 is good, but if you have Exchange 2013, the update is not the big leap, and as long as you need to stay on the old OLD (Yep, Windows Server 2012R2 is old!) Operating System, you might want to think about it.