How to Update Exchange 2010 Servers

Jan 20 2015

This is to serve as an overview of the steps required to perform updates to an Exchange 2010 server that is a DAG member of a two node cluster.

If you are looking for a process to update Exchange 2013 please find that here. The procedures do vary so please be sure that you are referencing the correct procedure.

High level overview

This post is broken out into two sections. The first section will be a guide to updating Exchange 2010 CAS Servers. The second section will cover updating a DAG member of a two node cluster.

  • Ensure that you have a good backup of your Active Directory Schema
  • Ensure that you have a good backup of your Exchange environment to include all Databases
  • Follow the procedure outlined herein and perform updates on all CAS servers in your Primary Site first
  • Then, follow the procedure and perform updates on the Mailbox Servers in your Primary site
  • Then, follow the procedure and perform updates on the CAS Servers in your Secondary site
  • Lastly, follow the procedure and perform updates on the Mailbox Servers in your Secondary site

**NOTE: Please make sure you have written documentation of any and all Custom settings in your environment. At times Exchange Service Packs can overwrite custom settings and revert them to default settings.

Updating a Client Access Server

**NOTE: The below guide is designed for a two-node DAG, but can be used in larger scenarios as well

As mentioned above, certain updates for Exchange Servers can sometimes revert settings to default. It is imperative that you understand this and properly document any custom settings you may have implemented on your CAS servers. The areas affected by these changes mainly involve IIS, more specifically the authentication types, redirections, and SSL settings. It is best practice to have a written account of these custom settings as well as a backup of IIS settings prior to updating your servers.
Use the CASCollect.ps1 script (found here) I have created to capture the CAS configuration for the Exchange organization.

**NOTE: This script only needs to be run once per environment as it captures configuration settings for all CAS servers.

Check the written documentation against the environment to ensure that all settings are still reflected in the documentation.
Below I have provided commonly used commands to manage IIS configurations.
To back up the configuration, run the following command:

%windir%\system32\inetsrv\appcmd.exe add backup "My Backup Name"

To restore that backup, run this command:

%windir%\system32\inetsrv\appcmd.exe restore backup "My Backup Name"

To delete a backup, run this command:

%windir%\system32\inetsrv\appcmd.exe delete backup "My Backup Name"

To enumerate a list of backups and configuration history files, use the following command:

%windir%\system32\inetsrv\appcmd.exe list backup

**NOTE: The IIS backup should be performed on each CAS server

If we are load balancing the Client Access roles of these servers, we also need to log in to the Load Balancer and remove the first server we have chosen to update from the pool of hosts.

  • Make sure that all Antivirus and Backup Services are stopped before proceeding
  • Perform the Windows and Microsoft updates that you deem necessary for your environment
  • After the final update perform one last restart
  • Check to make sure that all services are back online
  • Log in to the Netscaler and add the server back into the pool of hosts
  • Repeat procedure on each CAS server in the site

Updating a Mailbox Server

**NOTE: The below guide is designed for a two-node DAG, but can be used in larger scenarios as well

To perform updates on a mailbox server that is in a DAG, we need to place the member into what is called maintenance mode. However, the maintenance mode script only works with DAGs that have three or more members (Exchange 2010). To get around this caveat and prepare a member to receive updates, we need to perform the steps manually.

Readying the Passive Node and Updating

Choose a server that you want to update first and activate all of the databases on the other server so the server you have chosen to receive updates first is completely passive in terms of holding databases.

Open an elevated (administrative) Exchange Management Shell session.

Run the following commands:

You can activate all databases on another server by running the command below:

Get-MailboxDatabase | Move-ActiveMailboxDatabase -ActivateOnServer SERVERNAME
Set-executionpolicy unrestricted

Select yes

Suspend-ClusterNode -Name PASSIVENODE

With the next command, note the current value of DatabaseCopyAutoActivationPolicy (write it down – unrestricted/??)

Get-MailboxServer PASSIVENODE | Select DatabaseCopyAutoActivationPolicy
Set-MailboxServer -Identity PASSIVENODE -DatabaseCopyAutoActivationPolicy Blocked
Get-MailboxDatabaseCopyStatus *\PASSIVENODE | Suspend-MailboxDatabaseCopy -ActivationOnly:$TRUE

**NOTE: Make sure you replace PASSIVENODE in the above scripts with the actual passive server name

**NOTE: Ensure that you have all programs and Exchange Management Shell sessions closed throughout the update process

**NOTE: If you are installing a downloaded service pack or cumulative update, please make sure that you right-click and run the setup as an administrator

  • Make sure that all Antivirus and Backup Services are stopped before proceeding
  • Perform the Windows and Microsoft updates that you deem necessary for your environment
  • After the final update perform one last restart of the passive node

Bringing the Passive node out of maintenance mode

Open an elevated (administrative) Exchange Management Shell session.

Run the following commands:

Set-executionpolicy unrestricted

Select yes

Resume-ClusterNode -Name PASSIVENODE
Set-MailboxServer -Identity PASSIVENODE -DatabaseCopyAutoActivationPolicy Unrestricted
Get-MailboxDatabaseCopyStatus *\PASSIVENODE | Resume-MailboxDatabaseCopy

Restart the PASSIVENODE server
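
The manual enter and exit steps above, wrapped so that the original DatabaseCopyAutoActivationPolicy is saved to a file and restored from it rather than written down and retyped. This is an added example, not part of the original post; the function names, $Node and $StateFile are placeholders chosen here.

```powershell
# Added example for the Exchange 2010 Management Shell (PowerShell 2.0 syntax).
# $Node, $StateFile and both function names are placeholders for this example.
Import-Module FailoverClusters   # provides Suspend-/Resume-ClusterNode

$Node      = 'PASSIVENODE'
$StateFile = Join-Path $env:USERPROFILE "$Node-AutoActivationPolicy.txt"

function Enter-DagNodeMaintenance {
    # Refuse to continue while the node still hosts an active (mounted) copy.
    $active = Get-MailboxDatabaseCopyStatus -Server $Node |
        Where-Object { "$($_.Status)" -eq 'Mounted' }
    if ($active) {
        $names = ($active | ForEach-Object { $_.Name }) -join ', '
        throw "Active copies still on ${Node}: $names"
    }

    # Record the current policy so the exit step restores what was there.
    $policy = (Get-MailboxServer $Node).DatabaseCopyAutoActivationPolicy
    Set-Content -Path $StateFile -Value "$policy"

    Suspend-ClusterNode -Name $Node
    Set-MailboxServer -Identity $Node -DatabaseCopyAutoActivationPolicy Blocked
    Get-MailboxDatabaseCopyStatus -Server $Node |
        Suspend-MailboxDatabaseCopy -ActivationOnly:$true
}

function Exit-DagNodeMaintenance {
    if (-not (Test-Path $StateFile)) {
        throw "No saved policy at $StateFile; set the policy manually."
    }
    $policy = (Get-Content -Path $StateFile | Select-Object -First 1).Trim()

    Resume-ClusterNode -Name $Node
    Set-MailboxServer -Identity $Node -DatabaseCopyAutoActivationPolicy $policy
    Get-MailboxDatabaseCopyStatus -Server $Node | Resume-MailboxDatabaseCopy

    # Remove the state file only after the saved policy has been applied.
    Remove-Item -Path $StateFile
}
```

Call `Enter-DagNodeMaintenance` before patching and `Exit-DagNodeMaintenance` afterwards. Running `Set-ExecutionPolicy Unrestricted -Scope Process` limits the policy change to the current shell session instead of changing the machine-wide setting.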

Verifying Server Health

Open the Exchange Management Shell and run the following test cmdlet to check replication health.

Test-ReplicationHealth

This lets you know if the server is ready to receive the mailbox copies.

If for some reason you get a failure, first try a reboot of the passive node and run the “Test-ReplicationHealth” cmdlet again to see if the issue has been remediated.

**NOTE: If you have any single-instanced databases (i.e. archive databases that are not replicated), these will show up as failed in this test

Get-clusternode (this verifies that the members of the dag are all active and not paused)

Test-servicehealth (this verifies that all services are running)

Get-mailboxdatabasecopystatus (verifies that all database copies, copy/replay queues, and content indexes are healthy)
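
The four checks above combined into one pass/fail gate, as an added example that is not part of the original post. The function name Test-DagNodeReady and the $MaxQueue threshold are assumptions made for this example.

```powershell
# Added example for the Exchange 2010 Management Shell (PowerShell 2.0 syntax).
Import-Module FailoverClusters   # provides Get-ClusterNode

function Test-DagNodeReady {
    param(
        [string]$Node,        # server that was just updated
        [int]$MaxQueue = 10   # constructed threshold for copy/replay queues
    )
    $problems = @()

    # Cluster membership: every node should be Up, none Paused or Down.
    Get-ClusterNode | Where-Object { "$($_.State)" -ne 'Up' } | ForEach-Object {
        $problems += "Cluster node $($_.Name) is $($_.State)"
    }

    # Required Exchange services for each installed role.
    Test-ServiceHealth -Server $Node |
        Where-Object { -not $_.RequiredServicesRunning } | ForEach-Object {
            $problems += "$($_.Role) services not running: $($_.ServicesNotRunning -join ', ')"
        }

    # Replication checks; anything other than Passed is reported. Per the note
    # above, non-replicated databases can show up here as failed.
    Test-ReplicationHealth -Identity $Node |
        Where-Object { "$($_.Result)" -ne 'Passed' } | ForEach-Object {
            $problems += "Replication check $($_.Check): $($_.Result)"
        }

    # Copy status, copy/replay queues and content index for every copy.
    Get-MailboxDatabaseCopyStatus -Server $Node | ForEach-Object {
        $ok = (@('Healthy', 'Mounted') -contains "$($_.Status)") -and
              ("$($_.ContentIndexState)" -eq 'Healthy') -and
              ($_.CopyQueueLength -le $MaxQueue) -and
              ($_.ReplayQueueLength -le $MaxQueue)
        if (-not $ok) {
            $problems += "$($_.Name): status $($_.Status), copy queue " +
                "$($_.CopyQueueLength), replay queue $($_.ReplayQueueLength), " +
                "index $($_.ContentIndexState)"
        }
    }

    $problems   # no output means every check passed
}
```

`Test-DagNodeReady -Node PASSIVENODE` returns one line per failed check; an empty result means the node passed all four.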

Follow-up Steps

If everything passes, you are good to move the mailboxes back over from the active server and ready it for updates by repeating this section of the guide.
Perform tests in your environment to make sure that all Exchange functions are working. This is not a definitive list: (CAS: Autodiscover, OAB, OWA, EAS, ECP; MB: DAG, PF, MBDB). Please use your own judgment on additional systems that need to be tested for functionality.

Written by Brandon Nolan