Cumulative updates and Service Packs should be installed in the internet-facing site first, before installing in other sites in the organization.
- The first servers to be updated in a site are the Mailbox servers.
- The Client Access servers are updated second.
- Edge Transport servers can be updated last.
The steps for installing cumulative updates and service packs on Exchange 2013 are:
1. Preparation procedures:
- Take full backup of Active Directory.
- Take full backup of Exchange servers and all exchange databases.
- Download the latest Cumulative update (CU) from the official Microsoft wesite itself, not from any other site.
- Take a backup of any customization such as OWA, config files on servers, registry changes, Lync integration, or third party add-ons.
- Verify that exchange SSL certificate is not expired.
- Disable Anti-virus application.
- Disable any 3rd party e-mail scanning application.
2. Upgrading Mailbox Servers:
If Mailbox server is a single server, not part of Database Availability Group (DAG):
- Drain active mail queue on the mail server:
Set-ServerComponentState <ServerName> -Component HubTransport -State Draining -Requester Maintenance
i.e. to make it take the effect immediately, run the command:
if Mailbox server is single-role (MBX only)
Restart-Service MSExchangeTransport
if Mailbox server is a multi-roles (MBX & CAS)
Restart-Service MSExchangeTransport Restart-Service MSExchangeFrontEndTransport
- Redirect all pending emails from local queue to another mailbox server:
Redirect-Message -Server <ServerName> -Target <MailboxServerFQDN> Confirm Are you sure you want to perform this action? Redirecting messages to . [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):Y
- Put the server in maintenance mode:
Set-ServerComponentState <ServerName> -Component ServerWideOffline -State Inactive -Requester Maintenance
If Mailbox server is a a part of Database Availability Group (DAG):
- Drain active mail queue on the mail server:
Set-ServerComponentState <ServerName> -Component HubTransport -State Draining -Requester Maintenance
i.e. to make it take the effect immediately, run the command:
if Mailbox server is single-role (MBX only)
Restart-Service MSExchangeTransport
if Mailbox server is a multi-roles (MBX & CAS)
Restart-Service MSExchangeTransport Restart-Service MSExchangeFrontEndTransport
- Redirect all pending emails from local queue to another mailbox server:
Redirect-Message -Server <ServerName> -Target <MailboxServerFQDN> Confirm Are you sure you want to perform this action? Redirecting messages to . [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):Y
- Pause cluster services:
Suspend-ClusterNode <ServerName>
- Move all active databases to other DAG members:
Set-MailboxServer <ServerName> -DatabaseCopyActivationDisabledAndMoveNow $True
- Review the existing database copy auto activation policy, so that you can return it to the same configuration after you’ve completed the upgrade:
Get-MailboxServer <ServerName> | Select DatabaseCopyAutoActivationPolicy DatabaseCopyAutoActivationPolicy : Unrestricted
- To prevent mailbox databases copies from become active on the server. If the policy is already “Blocked”, then no action is required:
Set-MailboxServer <ServerName> -DatabaseCopyAutoActivationPolicy Blocked
- Put server in maintenance mode:
Set-ServerComponentState <ServerName> -Component ServerWideOffline -State Inactive -Requester Maintenance
- Run CU setup from GUI, or by using the command:
Setup /m:upgrade /IAcceptExchangeServerLicenseTerms
- Take server out of maintenance mode:
If Mailbox server is a single server, not part of Database Availability Group (DAG):
Set-ServerComponentState <ServerName> -Component ServerWideOffline -State Active -Requester Maintenance
i.e. to make it take the effect immediately, run the command:
if Mailbox server is single-role (MBX only)
Restart-Service MSExchangeTransport
if Mailbox server is a multi-roles (MBX & CAS)
Restart-Service MSExchangeTransport Restart-Service MSExchangeFrontEndTransport
If Mailbox server is a a part of Database Availability Group (DAG):
Set-ServerComponentState <ServerName> -Component ServerWideOffline -State Active -Requester MaintenanceResume-ClusterNode <ServerName> Name ID State ---- -- ----- <ServerName> 1 UpSet-MailboxServer <ServerName> -DatabaseCopyAutoActivationPolicy UnrestrictedSet-MailboxServer <ServerName> -DatabaseCopyActivationDisabledAndMoveNow $FalseSet-ServerComponentState <ServerName> -Component HubTransport -State Active -Requester Maintenance
i.e. to make it take the effect immediately, run the command:
if Mailbox server is single-role (MBX only)
Restart-Service MSExchangeTransport
if Mailbox server is a multi-roles (MBX & CAS)
Restart-Service MSExchangeTransport Restart-Service MSExchangeFrontEndTransport
To verify Server is out of maintenance mode:
Get-ServerComponentState <ServerName> | ft Component,State –Autosize
3. Upgrading Client Access Servers:
If Client Access Server is a single server, not part of Load Balance:
- Prepare Active Directory:
setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
i.e. this command requires Enterprise Admins and Schema Admins permissions, and must be performed in the same AD Site as the Schema Master on a server with the RSAT-ADDS-Tools feature installed – the Schema Master itself would meet these requirements.
setup.exe /PrepareAD /IAcceptExchangeServerLicenseTermssetup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
i.e. you must run the last command in each domain in your forest that contains Exchange servers or mailboxes.
- Run CU setup from GUI, or by using the command:
Setup /m:upgrade /IAcceptExchangeServerLicenseTerms
If Client Access Server is a more than one server, part of Load Balance:
- Remove Client Access Server from HLB.
- Prepare Active Directory:
setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
i.e. ti requires Enterprise Admins and Schema Admins permissions, and must be performed in the same AD Site as the Schema Master on a server with the RSAT-ADDS-Tools feature installed – the Schema Master itself would meet these requirements.
setup.exe /PrepareAD /IAcceptExchangeServerLicenseTermssetup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
i.e. the last command must be run in each domain in your forest that contains Exchange servers or mailboxes.
- Run CU setup from GUI, or by using the command:
Setup /m:upgrade /IAcceptExchangeServerLicenseTerms
- After Installation, you must redistribute Exchange databases between all mailbox servers by run the command:
cd $exscripts C:\Program Files\Microsoft\Exchange Server\V15\scripts>.\RedistributeActiveDatabases.ps1 -DagName DAGNAME -BalanceDbsByActivationPreference
4. Restore customization:
- Restore any any customization such as OWA, config files on servers, registry changes, Lync integration, or third party add-ons that you backed up in preperation procedure.
5. Enable Anti-virus application.
6. Enable your e-mail scanning application.
7. Verify Server Health:
- Check all cluster nodes and make sure that they are not suspended:
Get-ClusterNode
- Make sure that all services are running:
Test-ServiceHealth
- Check MAPI connectivity on all Mailbox servers:
Test-MAPIConnectivity
- Check Database copy status on all Mailbox servers:
Get-MailboxDatabaseCopyStatus
- Check replication health on all Mailbox servers:
Test-ReplicationHealth