Installing Cumulative Updates CU for Exchange Server 2013/2016/2019

Installing CU for Exchange Server 2013/2016/2019

 

PREPARATION TASKS 

  • Download the CU or Service Pack setup file from the Microsoft Download Center and extract it to a folder on each server.  
  • Take a confirmed backup of Active Directory. 
  • Take a confirmed backup of your existing Exchange 2019 servers and databases. 
  • Have documented any customizations such as OWA, config files on servers, registry changes, Lync integration, or third party add-ons. 
  • Reviewthis known issue with receive connectors that can cause upgrades to fail, leaving servers in a non-operational state. 
  • Verify that your Exchange SSL certificateshave not expired

 

INSTALLATION STEP GUIDELINE 

 

UPDATING MAILBOX SERVERS 

 

1. MOVE DATABASES 

Move-ActiveMailboxDatabase DB01 -ActivateOnServer lab-ex01 -MountDialOverride:None 

Move-ActiveMailboxDatabase DB02 -ActivateOnServer lab-ex01 -MountDialOverride:None 

Move-ActiveMailboxDatabase DB03 -ActivateOnServer lab-ex01 -MountDialOverride:None 

 

2. DISABLE CERTIFICATE REVOCATION CHECK IN IE 

Open Internet Explorer and click on "Tools," or the gear icon. Click "Internet Options" and click on the "Advanced" tab. Navigate to the "Security" subheading and remove the check marks on both the “Check for publisher’s certificate revocation” and “check for server certificate revocation” options. Click "OK" and then click "Apply." 

 

 How to fix Failed - Certificate error (revocation check) 221 | Ninite Help

 

3. DISABLE ANTI-VIRUS 

Disalbe antivirus.

 

4. DISABLE BACKUP SERVICES 

Disable backup exec service. 

 

5. PUT Exchange SERVER IN MAINTENANCE MODE 

 

Placed into maintenance mode before installing the cumulative update. 

Set-ServerComponentState lab-ex02 –Component HubTransport –State Draining –Requester Maintenance 

 

Redirect target server must be provided as a fully qualified domain name. 

Redirect-Message -Server lab-ex02 -Target lab-ex01.lab.local 

 

Suspend the DAG member from the cluster. 

Suspend-ClusterNode –Name lab-ex02 

 

Disable database copy activation 

Set-MailboxServer lab-ex02 -DatabaseCopyActivationDisabledAndMoveNow $true 

 

Review the existing database copy auto activation policy, so that you can return it to the same configuration after you’ve completed the upgrade. 

Get-MailboxServer lab-ex02 | Select DatabaseCopyAutoActivationPolicy 

DatabaseCopyAutoActivationPolicy : Unrestricted 

 

Set the auto activation policy to “Blocked”. If the policy is already set to “Blocked” then there is no action required. 

Set-MailboxServer lab-ex02 –DatabaseCopyAutoActivationPolicy Blocked 

 

Put the server into maintenance mode. 

Set-ServerComponentState lab-ex02 –Component ServerWideOffline –State InActive –Requester Maintenance 

 

6. RESTART SERVER 

 

7. INSTALL .NET FRAMEWORK 4.8 (BASE ON CU UPDATE PATH) 

Skip this step if the server already has a Dot Net 4.8 

 

Exchange 2019: Update to .NET Framework 4.8 - TechNet Articles - United  States (English) - TechNet Wiki

 

8. RESTART SERVER 

 

9. SET THE POWERSHELL EXECUTION POLICY TO UNRESTRICTED. 

Select Start > All Programs > Windows PowerShell version > Windows PowerShell. 

Set-ExecutionPolicy Unrestricted. 

 

10. DISABLE SCRIPT AGENT 

 

Disable-CmdletExtensionAgent "Scripting Agent" 

 

11. INSTALL EXCHANGE 2019 CU9 WITH ELEVATED PERMISSIONS 

ACTIVE DIRECTORY PREPARATION TASKS 

  1. Run setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms 

    (requires Enterprise Admins and Schema Admins permissions, and must be performed in the same AD Site as the Schema Master on a server with the RSAT-ADDS-Tools feature installed – the Schema Master itself would meet these requirements) 

  2. Run setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
  3. Run setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms  

in each domain in your forest that contains Exchange servers or mailboxes 

 

UPGRADING THE SERVERS 

Cumulative updates can be applied using either the command line or graphical setup, whichever you prefer. Both options are demonstrated below. 

  • Follow the pre-installation processes outlined earlier in this article depending on the server roles installed. 
  • Do not run the upgrade from the Exchange Management Shell as this will cause it to fail due to locked files. Run the upgrade from an elevated cmd prompt. 
  • If you receive a warning that the Office Filter Pack is not installed this can be ignored, as it is not a required component for Exchange Server 2019. 
  • Set the PowerShell execution policy on each server being upgraded to Unrestricted, as this may sometimes cause issues with update. Refer toKB981474

 

UPGRADING USING THE GRAPHICAL SETUP 

  • From the location that you extracted the cumulative update files runSetup.exe. 

Exchange Setup, Check for Updates page 

 

When the update check has completed clickNextto continue. 

 

Setup will begin copying files. This can take several minutes depending on your server’s performance capacity. 

 

Exchange Setup, Copying Files page

 

Setup will detect that this is an upgrade installation.  

 

You will need to accept the license agreement each time you upgrade a server. 

 

 Exchange Setup, License Agreement page

 

Setup will perform a pre-requisites check. If any pre-requisites are not met setup will stop and warn you about them, otherwise you will be able to proceed with the upgrade. 

 

Exchange Setup, Readiness Check page with errors resolved

 

The upgrade itself is a lengthy process and you may find that some steps appear to have hung with no progress. This may be a bug with the graphical setup, whereas the command line setup will typically show the percentage progress as it goes. 

 

Exchange Setup, Setup Progress page

 

When setup is complete you will be prompted to restart the server if required. 

 

Exchange Setup, Setup Completed page 

 

After the cumulative update has been install restart the server if prompted to do so. 

If you had placed the server into maintenance mode then you can run the commands or the script for stopping maintenance mode after the installation is finished (refer to the notes above). 

 

12. RESTART SERVER 

 

13. TAKE SERVER OUT OF MAINTENANCE MODE  

To take the server out of maintenance mode after the upgrade the process is reversed. Make sure that you return the database auto activation policy to the original setting if it was not “Unrestricted”. 

 

Set all server component to Active. 

 

Set-ServerComponentState lab-ex02 –Component ServerWideOffline –State Active –Requester Maintenance 

 

Resume the DAG member from the cluster. 

 

Resume-ClusterNode –Name lab-ex02 

 

Set the auto activation policy to “Unrestricted”. 

 

Set-MailboxServer lab-ex02 –DatabaseCopyAutoActivationPolicy Unrestricted 

 

Enable database copy activation 

 

Set-MailboxServer lab-ex02 –DatabaseCopyActivationDisabledAndMoveNow $false 

 

Take the server out of maintenance mode 

 

Set-ServerComponentState lab-ex02 –Component HubTransport –State Active –Requester Maintenance 

 

 

14. VERIFY SERVER HEALTH (CHECK SERVICES, CHECK EVENT LOGS, TEST EXCHANGE SERVER HEALTH W/ VARIOUS POWERSHELL COMMANDS) 

 

VERIFYING SERVER HEALTH 

Here are some suggestions for health checking your Exchange 2019 servers after applying updates. 

 

  • Check the cluster nodes are all up– verify that you have not left any DAG members suspended in the cluster by running the Get-ClusterNode cmdlet on one of the DAG members. 
  • Test service health– use the Test-ServiceHealth cmdlet to verify that all required services are running on each server. 
  • Test MAPI connectivity to every database– use the Test-MAPIConnectivity cmdlet to verify that all databases are mounted and accessible. 
  • Check the database copy status for DAGs– use the Get-MailboxDatabaseCopyStatus cmdlet to verify that all database copies, copy/replay queues, and content indexes are healthy. 
  • Test replication health for DAGs– use theTest-ReplicationHealthcmdlet on each DAG member to verify replication health is good. 
  • Check the database activation policy for each Mailbox server– verify that each Mailbox server that is in a DAG has the correctdatabase activation policyfor your environment. 
  • Check server component status– useGet-ServerComponentto verify that you have not left any servers in maintenance mode.
  • You can also use Test-ExchangeServerHealth.ps1 to review the health of your environment. 

 

15. MOVE DATABASES 

 

Move-ActiveMailboxDatabase DB01 -ActivateOnServer lab-ex02 -MountDialOverride:None 

Move-ActiveMailboxDatabase DB02 -ActivateOnServer lab-ex02 -MountDialOverride:None 

Move-ActiveMailboxDatabase DB03 -ActivateOnServer lab-ex02 -MountDialOverride:None 

 

16. TEST OUTLOOK, OWA, ACTIVESYNC, AND SEND/RECEIVE CAPABILITIES

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

You might also like!