Hello All
Microsoft recommends their users and customers to install the Exchange Server Cumulative Updates (CUs), Security Updates (SUs), and Hot Fixes (HFs) as soon as possible to safeguard against known threats and avoid the risk of malicious attacks. However, installing or upgrading Exchange Server to newer CU requires planning and preparation to ensure your users are unaffected and the upgrade is successful. In this article, we have shared the detailed instructions to apply Cumulative Updates to Exchange Server 2013 and later.
Things to Consider Before Installing Exchange Cumulative Update
Steps to Install Cumulative Update in Exchange Server 2013, 2016, and 2019
Step 1: Download the Cumulative Update
Step 2: Put Exchange Server in Maintenance Mode
Step 3: Prepare for Cumulative Update
Step 4: Install RSAT-ADDs Feature
Step 5: Prepare Schema, AD, and Domains ( If CU Requires)
Step 6: Install Cumulative Updates via Unattended Setup or GUI
Step 7: Remove Server from Maintenance Mode
Microsoft releases Security Updates (SUs) monthly and Cumulative Updates (CUs) for supported Exchange Server versions, such as Exchange 2013, 2016, and 2019, every quarter.
Cumulative Updates contain all the hotfixes and security updates released between the current and last CU releases. In addition, CUs also bring new features and updates that may improve the server's performance and reliability.
Things to Consider Before Installing Exchange Cumulative Update
Before you begin installing the Cumulative Update to Exchange Server, consider the following:
- If you are running a standalone Exchange Server, the mail flow will stop until you finish applying the Cumulative Updates. Thus, it is critical to plan the update as it can take time to finish. Planning will also avoid issues or instances of failed installation that can render the server unusable.
- After the upgrade, you can't uninstall Cumulative Updates as uninstalling CU will remove the Exchange Server.
- Customizations made to Exchange Server, such as Web.config files, will be overwritten and require you to re-apply them after the CU upgrade is finished. Therefore, save all customized Exchange and IIS settings you have made.
- Always test the Cumulative update in a test environment before deploying it to the production server.
IMPORTANT NOTE: Back up before you start installing the CU. If the update fails for any reason, you can use your backup to build a new server and restore mailbox databases. However, if the backup isn't available, We have to use 3rd Party Exchange recovery software from the market place
Steps to Install Cumulative Update in Exchange Server 2013, 2016, and 2019
There are two ways to install Cumulative Updates,
- Through Graphical Users Interface (GUI).
- Using Command Prompt Unattended Mode.
install the Cumulative Updates on and DAG Exchange Servers. _ In this articles , we are using DAG
Set HubTransport to draining state
Set-ServerComponentState -Identity "ServerName01" -Component HubTransport -State Draining -Requester Maintenance
Since we have another Exchange Server in the organization, redirect the queued message to that server
Redirect-Message -Server ServerName -Target "ServerName02
As the server belongs to the DAG group, run the following command; otherwise, skip to ServerWideOffline
Suspend-ClusterNode "ServerName01"
Then disable database copy auto-activation and move the active copy of the database to another DAG member.
Set-MailboxServer "ServerName01" -DatabaseCopyActivationDisabledAndMoveNow $true
Also, block the DatabaseCopyAutoActivationPolicy,
Set-MailboxServer "ServerName01" -DatabaseCopyAutoActivationPolicy Blocked
Then put the Exchange Server into maintenance mode using the following command,
Set-ServerComponentState "ServerName01" -Component ServerWideOffline -State Inactive -Requester Maintenance
To verify Exchange Server is in maintenance mode, run the following command,
Get-ServerComponentState "ServerName01” | Select Component, State
The components must be in an inactive state.
Restart the server.
Prepare for Cumulative Update
On the download page, check the system requirement section to learn the pre-requisites you need to install.
Install RSAT-ADDs Feature
Before extending the Active Directory Schema, you must install the RSAT-ADD feature (Remote Tools Administration Pack) on the domain controller and Exchange Server. For this, open PowerShell as administrator and run the following command,
Install-windows feature RSAT-ADDSPrepare Schema, AD, and Domains - IF CU's needed
To prepare the Schema, Active Directory, and Domains, open Command Prompt as administrator and navigate the mounted CU ISO location using the CD command. For instance,
cd F:Then run the following commands to prepare the Schema, AD, and all Domains,
\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOff /PrepareSchema
\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOff /PrepareADNOTE: Starting from September 2021 CU, you need to use the /IAcceptExchangeLicenseterms_DiagnosticDataOFF or/IAcceptExchangeLicenseterms_DiagnosticData_ON for unattended installs.Restart the server in between to clear any pending reboots.
Remove Server from Maintenance Mode
Once the installation is finished, restart the server and then check the current version using the following command in EMS, and make sure the the correct build numbers are installed.
Get-command Exsetup.exe | Fl *fileVersionOnce verified, remove the server from the maintenance mode using the following command in Exchange Management Shell:
Once verified, remove the server from the maintenance mode using the following command in Exchange Management Shell:
Set-ServerComponentState “ServerName01” –Component ServerWideOffline –State Active –Requester MaintenanceSet-ServerComponentState "ServerName01" –Component HubTransport –State Active –Requester MaintenanceOn the DAG member server, you need to perform the following commands to remove maintenance mode,Resume-ClusterNode –Name ServerNameSet-MailboxServer ServerName –DatabaseCopyAutoActivationPolicy UnrestrictedSet-MailboxServer Servername –DatabaseCopyActivationDisabledAndMoveNow $falseSet-ServerComponentState “ServerName01” –Component ServerWideOffline –State Active –Requester MaintenanceSet-ServerComponentState ServerName01 –Component HubTransport –State Active –Requester MaintenanceTo verify the DAG member server is out of maintenance mode,Get-ClusterNode "ServerName01"Install Pending Security Updates (SUs)Once you have updated your Exchange Server to the latest Cumulative Updates, check any pending Security Updates. You can run healthChecker.ps1 script on your server to find the vulnerabilities and then apply the SUs to patch them.
Comments
Post a Comment