In this article I will demonstrate the step by step process for installing cumulative updates and service packs for Exchange Server 2013.
The steps for installing cumulative updates and service packs on Exchange 2013 are:
- Prepare by downloading update files, checking backups, and reviewing known issues
- Update mailbox and multi-role servers in the internet-facing sites
- Update client access servers in the internet-facing sites (if any)
- Update Exchange 2013 servers in any remaining internal sites (if any)
- Update Edge Transport servers (if any)
- Perform health checks and rebalancing of servers
Preparation Tasks
Before installing any cumulative updates you should:
- Download the CU or Service Pack setup file from the Microsoft Download Center (do not download from third party sites) and extract it to a folder on each server. You can download the latest cumulative update and upgrade an Exchange 2013 server to the latest version in one update. You do not need to install all of the cumulative updates released between your current version and the latest version.
- Take a confirmed backup of Active Directory.
- Take a confirmed backup of your existing Exchange 2013 servers and databases.
- Have documented any customizations such as OWA, config files on servers, registry changes, Lync integration, or third party add-ons.
- Review this known issue with receive connectors that can cause upgrades to fail, leaving servers in a non-operational state.
- Verify that your Exchange SSL certificates have not expired.
- Check the Exchange Supportability Matrix and verify that you are maintaining the .NET Framework on your servers to remain compatible with Exchange.
Installing Cumulative Updates and Service Packs
Cumulative updates and Service Packs should be installed in the internet-facing site first, before installing in other sites in the organization.
- The first servers to be updated in a site are the Mailbox servers.
- The Client Access servers are updated second.
- Edge Transport servers can be updated last.
If you have multi-role CAS/MBX servers installed then setup updates the roles in the correct order anyway, and you should simply start with the internet-facing servers.
During the deployment of a cumulative update within a site that contains load-balanced Client Access server or Database Availability Group members there will be a period where servers are not at exactly the same version. Although this is expected and supported, it is not supported to stay in that state for a long period of time.
In other words, you should plan to update all DAG members within a short period of time, and not allow them to run at different versions for days, weeks or months.
Updating Mailbox Servers
Mailbox servers in a multi-server environment, whether installed as standalone or as a multi-role server, should be placed into maintenance mode before installing the cumulative update.
Note that the redirect target server must be provided as a fully qualified domain name.
[PS] C:\>Set-ServerComponentState E15MB1 –Component HubTransport –State Draining –Requester Maintenance [PS] C:\>Redirect-Message -Server E15MB1 -Target E15MB2.exchange2013demo.com Confirm Are you sure you want to perform this action? Redirecting messages to "E15MB2.exchange2013demo.com". [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
If the server is a DAG member proceed to the next section which contains additional steps for DAG members, otherwise put the server into maintenance mode with the following command.
[PS] C:\>Set-ServerComponentState E15MB1 –Component ServerWideOffline –State InActive –Requester Maintenance
Exchange MVP Michael Van Horenbeeck has published a script for automating the process of starting and stopping maintenance mode.
Updating Mailbox Servers that are Database Availability Group Members
In addition to placing Mailbox servers in maintenance mode any DAG members also need to have active mailbox databases moved to another DAG member, and be blocked from activation while the cumulative update is being installed.
Suspend the DAG member from the cluster.
[PS] C:\>Suspend-ClusterNode –Name E15MB1 Name ID State ---- -- ----- E15MB1 1 Paused
Disable database copy activation.
[PS] C:\>Set-MailboxServer E15MB1 –DatabaseCopyActivationDisabledAndMoveNow $true
Review the existing database copy auto activation policy, so that you can return it to the same configuration after you’ve completed the upgrade.
[PS] C:\>Get-MailboxServer E15MB1 | Select DatabaseCopyAutoActivationPolicy DatabaseCopyAutoActivationPolicy : Unrestricted
Set the auto activation policy to “Blocked”. If the policy is already set to “Blocked” then there is no action required.
[PS] C:\>Set-MailboxServer E15MB1 –DatabaseCopyAutoActivationPolicy Blocked
Put the server into maintenance mode.
[PS] C:\>Set-ServerComponentState E15MB1 –Component ServerWideOffline –State InActive –Requester Maintenance
Taking Servers Out of Maintenance Mode
To take the server out of maintenance mode after the upgrade the process is reversed. Make sure that you return the database auto activation policy to the original setting if it was not “Unrestricted”.
[PS] C:\>Set-ServerComponentState E15MB1 –Component ServerWideOffline –State Active –Requester Maintenance [PS] C:\>Resume-ClusterNode –Name E15MB1 Name ID State ---- -- ----- E15MB1 1 Up [PS] C:\>Set-MailboxServer E15MB1 –DatabaseCopyAutoActivationPolicy Unrestricted [PS] C:\>Set-MailboxServer E15MB1 –DatabaseCopyActivationDisabledAndMoveNow $false [PS] C:\>Set-ServerComponentState E15MB1 –Component HubTransport –State Active –Requester Maintenance
Exchange MVP Michael Van Horenbeeck has published a script for automating the process of starting and stopping maintenance mode.
Updating Load-Balanced Client Access Servers
If you are running load-balanced Client Access servers in a site then you should configure the load balancer to remove the server from the pool of hosts, and allow any existing connections to close, before you install the cumulative update.
The exact steps for this will depend on the load balancing solution that you use, and you should refer to your vendor documentation for those.
As each Client Access server is updated join it to the pool again and then repeat the process for the next server.
Active Directory Preparation Tasks
Some cumulative updates will include Active Directory schema changes. In those cases the following steps will be required.
Note: The AD preparation tasks are not required to be run separately to the upgrade of Exchange, unless in circumstances where you need to separate the tasks to different teams with different permissions, or if you have a multi-domain forest and want to control the AD changes.
Before applying the schema update follow the steps provided by Michael B Smith to retrieve the existing Exchange schema version, so that you can compare it before and after the AD preparation steps have been completed to verify that the schema update was applied.
- Run setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms (requires Enterprise Admins and Schema Admins permissions, and must be performed in the same AD Site as the Schema Master on a server with the RSAT-ADDS-Tools feature installed – the Schema Master itself would meet these requirements)
- Run setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
- Run setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms in each domain in your forest that contains Exchange servers or mailboxes
When the Active Directory changes have been applied, on each server run the upgrade.
Upgrading the Servers
Cumulative updates can be applied using either the command line or graphical setup, whichever you prefer. Both options are demonstrated below.
- Follow the pre-installation processes outlined earlier in this article depending on the server roles installed.
- Do not run the upgrade from the Exchange Management Shell as this will cause it to fail due to locked files. Run the upgrade from an elevated cmd prompt.
- If you receive a warning that the Office Filter Pack is not installed this can be ignored, as it is not a required component for Exchange Server 2013.
- Set the PowerShell execution policy on each server being upgraded to Unrestricted, as this may sometimes cause issues with update. Refer to KB981474.
Caution: a cumulative update is a full reinstall of Exchange Server 2013. If it is interrupted, or fails part way through the installation, you may need to perform a server recovery. There is also no way to uninstall a cumulative update.
Note: Exchange 2013 cumulative updates stop the “Microsoft Exchange FrontEnd Transport” and “Microsoft Exchange Transport” services during the pre-requisites check. If you do not proceed with the installation you will need to manually restart the Microsoft Exchange Transport service.
Upgrading Using the Command Line
In an elevated command prompt run the following command from the location where you extracted the cumulative update files.
Setup /m:upgrade /IAcceptExchangeServerLicenseTerms
The command prompt window will display the progress as the upgrade proceeds. The upgrade itself is a lengthy process so you should allow plenty of time for each server.
After the cumulative update has been install restart the server if prompted to do so.
If you had placed the server into maintenance mode then you can run the commands or the script for stopping maintenance mode after the installation is finished (refer to the notes above).
Upgrading Using the Graphical Setup
From the location that you extracted the cumulative update files run Setup.exe. It is recommend to allow setup to connect to the internet and check for updates.
When the update check has completed click Next to continue.
Setup will begin copying files. This can take several minutes depending on your server’s performance capacity.
Setup will detect that this is an upgrade installation.
You will need to accept the license agreement each time you upgrade a server.
Setup will perform a pre-requisites check. If any pre-requisites are not met setup will stop and warn you about them, otherwise you will be able to proceed with the upgrade.
The upgrade itself is a lengthy process and you may find that some steps appear to have hung with no progress. This may be a bug with the graphical setup, whereas the command line setup will typically show the percentage progress as it goes.
When setup is complete you will be prompted to restart the server if required.
After the cumulative update has been install restart the server if prompted to do so.
If you had placed the server into maintenance mode then you can run the commands or the script for stopping maintenance mode after the installation is finished (refer to the notes above).
Post-Installation Tasks
After deploying an Exchange 2013 cumulative update there are a number of post-installation tasks that may be required.
Rebalance the Database Availability Group
After you’ve updated all of your DAG members there is a good chance that the active databases will not be evenly distributed across the DAG, or won’t be on their first activation preference. This process is the same for Exchange 2013 as it is for Exchange 2010.
[PS] C:\>cd $exscripts [PS] C:Program FilesMicrosoftExchange ServerV15scripts>.RedistributeActiveDatabases.ps1 -DagName E15DAG -BalanceDbsByActivationPreference
Restoring Customizations
After you have completed updating your servers you will need to re-apply any customizations that you had documented during the preparation steps above.
Verifying Server Health
Here are some suggestions for health checking your Exchange 2013 servers after applying updates.
- Check the cluster nodes are all up – verify that you have not left any DAG members suspended in the cluster by running the Get-ClusterNode cmdlet on one of the DAG members.
- Test service health – use the Test-ServiceHealth cmdlet to verify that all required services are running on each server.
- Test MAPI connectivity to every database – use the Test-MAPIConnectivity cmdlet to verify that all databases are mounted and accessible.
- Check the database copy status for DAGs – use the Get-MailboxDatabaseCopyStatus cmdlet to verify that all database copies, copy/replay queues, and content indexes are healthy.
- Test replication health for DAGs – use the Test-ReplicationHealth cmdlet on each DAG member to verify replication health is good.
- Check the database activation policy for each Mailbox server – verify that each Mailbox server that is in a DAG has the correct database activation policy for your environment.
- Check server component status – use Get-ServerComponent to verify that you have not left any servers in maintenance mode.
- Run Exchange Analyzer to check for best practices compliance.
You can also use Test-ExchangeServerHealth.ps1 to review the health of your environment.
Acknowledgements
Thanks to Exchange MVPs Tony Redmond, Jeff Guillet, Michael B Smith, and Michael Van Horenbeeck for sharing their notes and experiences with the cumulative update process.
We are migrating from Exchange 2016 to Exchange 2019. We ran schema update using Exchange 2019 RTM. Now we want to update our 2016 server to latest CU 21 and Security update, but it is not working as it says schema version is higher than setup version
Thank you for your great writing.
I do have a question; regarding the installation path.
Will installing the CU update rewrites the installation path? i.e. if I had Exchange files installed on the D drive; will it reinstall them on the C drive?
Thank you.
Amazing write up. Your such a gem.
I am currently upgrading from CU4 to CU23 i have multiple DCs but i get the following error.
Setup encountered a problem while validating the state of Active Directory: ‘ADC02.xxx.local’ isn’t a fully qualified domain name (FQDN). Please provide a valid FQDN. For example: ‘adc02’.
The FQDN is correct though
Amazing write up. Your such a gem.
I am currently upgrading from CU4 to CU23 i have multiple DCs but i get the following error.
Setup encountered a problem while validating the state of Active Directory: ‘ADC02-NEW.xxx.Local’ isn’t a fully qualified domain name (FQDN). Please provide a valid FQDN. For example: ‘adc02-new’.
The FQDN is correct though
I am upgrading RTM to CU23 so i can then migrate to a new server. last time i tried this it broke. are there any tricks or do i need to step the upgrade?
hi
i have exchange 2013 and the CU14 .i want to upgrade to the CU23 what is the step؟ or do I need to upgrade in sequence ?
thanks and regards
Hi Paul,
Can you please provide Exchange Server 2013 CU 21? I had lost CU 21 and i didn’t found it from any of the existing websites.
Thank you Paul, just upgraded my first part of DAG, F5 load balanced and consisting of one separate cas and one separate mbx server from cu13 to cu 22, on mbx I had .net.framework upgraded to 4.7.2 and on cas I had support by cu13 4.6.1 and I upgraded it. Only one problem I had with WMSVC service because i need to create cert for WMSVC. On monday 2 december I’m planning to upgrade second part of cluster consisting of one separate cas and one separate mbx server with old cu13. I completed upgrade absolutely seamlessly for my users.
Thank you so mush for you great posts !!!
Thank you for the write up
Hi Paul,
I am getting errors when installing Exchange2013-KB4471389-x64-en.msp on my Exchange Server 2013 CU21.
Below is the error,
“The upgrade patch cannot be installed by Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch”
I have tried installing by running in admin elevated cmd, built-in administrator but getting the same error for all the upgrades. Please let me know the fix for the issue.
Same issue on Exchange2013-KB4340731-x64-en.msp, Exchange2013-KB4459266-x64-en.msp and Exchange2013-KB4471389-x64-en.msp
Thanks,
Kapil
Hi Paul
That michels maintanence script also move all database to the other maibox server automaticaly?
Hi Paul,
Currently i am using Exchange 2013 which has CU18 installed.
My question is since Exchange 2019 has come out would you think it best to upgrade to Exchange 2016 instead since in the long run Microsoft will do away with support for 2013, will you be doing any articles about 2013 to 2016 upgrade?
Thanks.
Samson.
Hi Paul,
I have Exchange enviroment with intergated Lync. Have you experience to update CU without effect Lync
Thanks
this article needs an update. do we still use Edge Transport servers alone?
Any guides or steps to decommission co-existing exchange 2010 after migrating all mailboxes to 2013.
Hey ,
i have 2 questions,
i have co-existence of 2010 and 2013 , both are working fine .
2010 have MSME but 2013 has nothing installed for protection.
Is Mcafee Security for Microsoft Exchange enough for its protection, as have turned off its anti-spam.
Secondary ,Im using Windows backup Server for backups and logs ,my database is 350gb + 3 gb logs everyday , i have given 500Gb to backup drive but it consumes all of it and now the backups are failing due to low storage and it needs a full backup.
can i delete the big file inside that backup drive/folder which took up 430 GB itself to restart backps?
thanks.
Kamran
For McAfee, you need to decide for yourself whether it is good enough protection for your organization.
For the backup, if you delete that backup file then I guess you won’t have any backups left any more, until you run another successful backup. That sounds risky to me.
Hi,
thanks for nice article.
Ive problem I just installed CU17 on Exchange Edge Server, but I dont see that new version in ECP, when I use cmdllet on Edge server “Get-ExchangeServer” its ok, but when I use on CAS it showed the old one. How I can Update it?
Thanks
Recreate the edge subscription to update the version number in AD.
More info here (this applies to Exchange 2013/2016 as well)
https://www.practical365.com/exchange-server/exchange-2010-edge-transport-faq/
Hi, Paul,
We have two Exch 2013 servers with multi roles installed, and updated to CU15
can I update to CU18 directly?
Please advice.
Here you go:
https://www.practical365.com/exchange-server/faq-order-install-service-packs-update-rollups-cumulative-updates/
Hi Paul,
While taking out severs from maintenance mode, do I need to remove redirecting also ?Please confirm. Its not mention in above steps.
Thanks for the great work you are doing…
The redirection is a one-time action to move queued messages to another server for processing. It’s not a permanent state.
Hi Paul,
I’m having a weird issue attempting to upgrade Exchange 2013 SP1 to CU15. The install is failing on the prerequisite checks and I just can’t figure it out.
The local domain needs to be prepared using Setup /PrepareDomain before server roles can be installed.
I’ve run the setup.exe /PrepareSchema and /PrepareAD switches manually prior to install and have confirmed the Schema version is 15312 per this TechNet blog post https://blogs.technet.microsoft.com/rmilne/2015/03/17/how-to-check-exchange-schema-and-object-values-in-ad/. The organisation version is also 16310. DCDiag tells me replication is working fine and running Setup /PrepareDomain does not stop this check from failing. I’m not sure why this one is failing at all.
The mailbox server role isn’t installed on this computer.
This one is somewhat off-putting as the Mailbox role is obviously installed, otherwise I’d be having many more problems. The setup points me to two TechNet articles for specifically UnifiedMessagingRoleNotInstalled and BridgeheadRoleNotInstalled. Neither of these articles have any actual information.
As far as I know wouldn’t both of these be installed with Exchange regardless? We don’t use Unified Messaging and I’m not sure what the Bridgehead role actually is either.
An unsupported operating system was detected. Exchange Server 2013 Client Access, Mailbox, and Edge Transport server roles support Windows Server 2008 R2 SP1 or later and Windows Server 2012.
I’m running Server 2012 R2 Datacentre and Exchange 13 SP1 is already installed so this makes zero sense to me.
I’ve attempted to run the upgrade installer with AV disabled, backup software disabled, there’s no monitoring software on that server. My AD account is a member of Enterprise Admins and Schema Admins. I’m pretty much out of ideas at this point.
Any ideas? Cheers,
Ryan
It’s a bit hard to tell from your post what’s your comments and what is error messages so I don’t know what is going on with your upgrade there. I’d suggest posting to /r/exchangeserver on Reddit where you can provide more context about the issue and perhaps it will make more sense and I or someone else there will be able to suggest a fix.
Ah, my bad. I couldn’t make the errors appear bold in the text (at least I’m not sure if I could).
The errors are
1. The local domain needs to be prepared using Setup /PrepareDomain before server roles can be installed.
2. The mailbox server role isn’t installed on this computer.
3. An unsupported operating system was detected. Exchange Server 2013 Client Access, Mailbox, and Edge Transport server roles support Windows Server 2008 R2 SP1 or later and Windows Server 2012.
And the text underneath each was just my response to each.
I shall post to the Exchange subreddit anyway.
You sure you’re running setup on the server? I can’t think of any reason why it would throw those errors otherwise.
I only have a single mail server and its called ex2, it’s definitely the right server.
I think my only option at this point is to contact Microsoft.
This is the first article i see that askt to install first on MBX servers.
Is the above posted procedure still working for an:
2x exchange 2013 CU3 -> CU15 upgrade on windows server 2012 ( DAG activated) enviroment ?
Yes, but that’s a big leap in versions. Double check the .NET framework version support in the Exchange supportability matrix on TechNet to make sure you also end up with the correct .NET framework version installed.
Hi,
Regarding the .NET Framework version, our 2 DAGS and 2 CAS servers are in Exchange 2013 CU8 with .NET 4.5.2.
We are planning to upgrade from CU8 to CU16.
https://blogs.technet.microsoft.com/exchange/2017/03/21/released-march-2017-quarterly-exchange-updates/
Technet article above states we should install CU15 first, upgrade .NET to 4.6.2 then upgrade to CU16 which is time consuming in a sens as the outage Windows is limited.
We need to know whether is supported to first upgrade our servers .NET to 4.6.2 and then install CU16 without the hop at CU15 ?
Concerning the CAS NLB, which is safest Stop-NlbClusterNode or Remove-NlbClusterMode ?
Many thanks in advance,
Microsoft publishes the Exchange Server Supportability Matrix which you’ll find via a Google search for those words, and it lists the Exchange and .NET version compatibility. You should plan an upgrade path for Exchange and .NET that keeps you within supported versions of each. Yes it’s more time consuming. That is the downside of leaving it so long to perform updates on your server.
I don’t know what to do about the NLB cluster because I don’t run any. NLB was not recommended for use with Exchange 2013 for a variety of reasons so I never used it.
Flawless Upgrade from Exchange 2013 CU8 to CU16, followed your article and advises, many thanks again 🙂
Hi Paul,
Thanks to you for publishing a wonderful article, it’s kind of life-saving for many.
I have a query before go for CU15 that I have dual exchange environment one is MS Exchange 2007 (08.03.0485.001) and MS Exchange 2013 (847.32), is their anything i have to check before updation for Exchnage 2013.
Simply i want to know for above environment do i have to go for updation?
Your help is appreciated.
Regards
Anoop
Update the 2013 server first, then the 2007 server (unless it’s already fully updated).
Paul,
I am currently on Exchange 2013 CU 12 and have tried to upgrade to both CU 14 or the new CU 15 without success. I have run the setup.exe from both an elevated command prompt as well as right click and run as Administrator. I get a quick setup initializing and then nothing else. I have tried with Exchange in maintenance mode as well as not putting it in maintenance mode. I get the same behavior. It is very strange as I successfully did a few other CU’s in the past.
Also, I have no AV running as I know that causes issues. I have only tried GUI install and not silent.
Any thoughts or suggestions?
Thanks
Chuck
Is it safe to upgrade from CU5 to CU15 or 14?
Hi Paul
I am using Exchange Server 2013 CU 14. Microsoft has recently issued CU15 for exchange 2013.
Currently My exchange server fully updated and no updates required. Should i still upgrade to CU15 eventhough my exchange server fully updated.
Hi Paul, I have an Exchange 2013 CU11 environment. I planned to update it to CU13 but stopped after the pre check alerted me to the fact there was the AU-ENG language pack installed and it needed to be uninstalled.
To uninstall the AU-ENG language pack do I use the setup.exe file from the Extracted CU13 code ?
I have read a few articles about the version mismatch is you use the wrong code.
No idea actually, I never touch language packs.
Hi Paul, if you install the Exchange Server 2013 CU14 update on a trial version (Version 15.0 (Build 516.32)) Does it continue to be in it’s trial condition?
Cheers
Phil
Yes, it will still be a trial.
I have Exchange Server 2013 CU2 is it recommend updating to CU14 and any excepted issues after update to CU14 direct please provide me
You are running a CU that has been out of support for a long time, so yes you should update.
Hi ,
I’m upgrading Exchange 2013 from CU8 to CU13, installation is stuck at “Mailbox role: Transport Service at 3% since last 4 hours” , not sure this is a known issue, there are no errors so far, no performance issues nor any disk space issue, but the installation is stuck.
Look at the Exchange setup log on C: drive to see what it is stuck on. Or perhaps it is just running very slow.
You might also be seeing this issue:
https://www.practical365.com/slow-installation-of-exchange-server-updates-on-windows-server-2012-r2/
I had an issue with 4 node DAG set up where multi role installed. ECP and OWA crashed keep crashing after CU13 updated. I did startdagmaintenacemode.ps1 to put the server DAGs in maintenace mode . I did notice this issue sometime later after the update. All i had to run updatecas.ps1 to make the URL uptated. Can you suggest what would be the issue.
You shouldn’t be using that script to put Exchange 2013 servers in maintenance mode. Whether that is causing your problem though, it’s hard to say. No software is perfect. But you should start by following the correct update procedures in future and see if problems keep occurring.
Great information. I have an installation not yet live. It is Exchange 2013 CU12. I have CU12 in the root of C, and installed from there. Once I have upgraded to CU14, can I delete the CU12 directory? It is abut 5 gigs.
Yes.
Thanks Paul Its Very Help full
I can tell this is going to be a great help. I’m going to do the prep work before starting the upgrades
I haven’t even done the work yet and I can tell this is going to be a great help. I’m just doing the prep work before starting the upgrades
Pingback: Exchange 2013 upgrading | IT Management
Hi Paul
Having a major issue after running the update need help i get this error on Step 5 of 9: Mailbox Role: Mailbox Service:
Error:
The following error was generated when “$error.Clear();
if (($RoleIsDatacenter -ne $true) -and ($RoleIsDatacenterDedicated -ne $true))
{
if (test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
{
# upgrade the discovery mailboxes to R5 version, this will fix the RecipientDisplayType property of the discovery mailbox which was wrong in R4.
get-mailbox -RecipientTypeDetails DiscoveryMailbox -DomainController $RoleDomainController | where {$_.IsValid -eq $false} | set-mailbox -DomainController $RoleDomainController
$name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
$dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
$mbxs = @( get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1 );
if ( $mbxs.length -eq 0)
{
$dbs = @(get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
if($dbs.Length -ne 0)
{
$mbxUser = @(get-user -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
if ($mbxUser.Length -ne 0)
{
enable-mailbox -Discovery -identity $mbxUser[0] -DisplayName $dispname -database $dbs[0].Identity;
}
}
}
}
else
{
write-exchangesetuplog -info “Skipping creating Discovery Search Mailbox because of insufficient permission.”
}
}
” was run: “Microsoft.Exchange.Data.DataValidationException: Database is mandatory on UserMailbox.”.
Error:
The following error was generated when “$error.Clear();
if (($RoleIsDatacenter -ne $true) -and ($RoleIsDatacenterDedicated -ne $true))
{
if (test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
{
# upgrade the discovery mailboxes to R5 version, this will fix the RecipientDisplayType property of the discovery mailbox which was wrong in R4.
get-mailbox -RecipientTypeDetails DiscoveryMailbox -DomainController $RoleDomainController | where {$_.IsValid -eq $false} | set-mailbox -DomainController $RoleDomainController
$name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
$dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
$mbxs = @( get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1 );
if ( $mbxs.length -eq 0)
{
$dbs = @(get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
if($dbs.Length -ne 0)
{
$mbxUser = @(get-user -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
if ($mbxUser.Length -ne 0)
{
enable-mailbox -Discovery -identity $mbxUser[0] -DisplayName $dispname -database $dbs[0].Identity;
}
}
}
}
else
{
write-exchangesetuplog -info “Skipping creating Discovery Search Mailbox because of insufficient permission.”
}
}
” was run: “Microsoft.Exchange.Data.DataValidationException: Database is mandatory on UserMailbox.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow)
at Microsoft.Exchange.Configuration.Tasks.DataAccessTask`1.Validate(TDataObject dataObject)
at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalValidate()
at Microsoft.Exchange.Configuration.Tasks.SetRecipientObjectTask`3.InternalValidate()
at Microsoft.Exchange.Management.Common.SetMailEnabledRecipientObjectTask`3.InternalValidate()
at Microsoft.Exchange.Management.RecipientTasks.SetUserBase`2.InternalValidate()
at Microsoft.Exchange.Management.RecipientTasks.SetMailboxBase`2.InternalValidate()
at Microsoft.Exchange.Management.RecipientTasks.SetMailbox.InternalValidate()
at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.
I Finally managed to get it working! I Deleted the DiscoverySearchMailbox.
Hi Paul
In other forums people are saying the update order schould be like this, without specifying the conclusion to this.
CAS, HUB, UM, MBX.
In your article you mention to update Mailbox Server roles first, then Client Access Server role and last Edge Transport.
Could you specify why?
I have a question about upgrading order of mailbox servers.
I have an exchange infrastructure spread over two sites , I implemented site resiliency .
Site1 : Two CAS and two maibox (Internet facing)
Site2 : one CAS and one Mailbox
About the order :
1. I start by moving all DB to the second Mailbox, then upgrade Mailbox Server 1
2. I Move all DBs to First Mailbox Server, then upgrade Second Mailbox server.
3. Thereafter, i upgrade the third mailbox server in the DR Site.
What do you say of this Steps, is that correct.
Many Thank’s Mr Paul.
Thank you Paul for such a good article.
I just wanted to share that a restart required after putting the server in maintenance mode, otherwise CU12 doesn’t proceed, and after the successfully update server should be restart again and take out server from Maintenance mode.
Can we delete extracted Cumulative Update 12 folder from Exchange drive C after the update done ?
Yes.
Thank you Paul,
My upgrade has been done successfully with latest patch 12 released on April.
I just wanna be sure that during the upgrade process, all required files has been copied and nothing left where I need to bring these Cumulative back .
Please advice.
I noticed that when you list the items to bring servers out of maintenance mode, you don’t list the redirect message command. My process is to disable the node on our F5 (we have 3 multi-role servers) after I have moved any active databases off of the server. Would I still need to set the redirect message?
The redirect command moves any queued mail to a different transport server. So it only needs to be done during the prep stage.
Yes, you still need to do it, or you risk queued mail being lost if the maintenance goes wrong.
For info, the link to Michael’s Maintenance Mode script above is now a 404. Looks like it needs to go to this page
https://vanhybrid.com/2015/07/20/script-putting-exchange-server-2013-into-maintenance-mode/
We got problem with CU12. We have 2 MBX-servers and 1 CAS in front. Setup went fine on MBX-servers. Unfortunately setup stoppet on step 3 of 5 with an unhandled exception and only a close-button and a text containing
Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: DependentAssemblyGenerator.exe
Problem Signature 02: 15.0.1178.0
Problem Signature 03: 568db3b7
Problem Signature 04: mscorlib
Problem Signature 05: 4.0.30319.34209
Problem Signature 06: 53489fcf
Problem Signature 07: 4524
Problem Signature 08: 13c
Problem Signature 09: System.UnauthorizedAccess
OS Version: 6.2.9200.2.0.0.272.7
Locale ID: 1044
Additional Information 1: b330
Additional Information 2: b33007b9c9016bfb24d0229578114157
Additional Information 3: c561
Additional Information 4: c561f660eddeaff463c95a13fe957cb3
After that setup tried to continue to step 4 of 5 (Finalizing Setup) but exited out and gave me a flood of similiar errors about DependentAssemblyGenerator and lack of access.
We rebooted CAS-server, but it was clear that it was currently in an inconsistent state. The Powershell execution policy was set to signed, so I set it to “Unrestricted” as recommended in this point over here:
Set the PowerShell execution policy on each server being upgraded to Unrestricted, as this may sometimes cause issues with update. Refer to KB981474.
I reran setup and the setup fortunately continued and seemingly came to 100% right before it suddenly exited with no message. Rebooted the server, and all worked fine. You should probably not underestimate the importance of that Powershell execution policy.
i followed the advise on http://forums.whirlpool.net.au/archive/2480914 to edit the web.config file and then i retry recreating the outlook profile, rebooted the server and now it works.
Now CU12 installed successfully, but users can only access owa. All of their desktop outlook cannot connect to the exchange server.
Which/where is the certificate file? Any chance we can manually do something to it to renew it on the server without having to go through GUI?
EAC is just presenting a way to manage certificates for Exchange. A certificate is a certificate. You can manage it through IIS if you need to (should be able to do the renewal that way) or using the Certificates snap-in in MMC.
If you’re still stuck and your server is still non-operational I recommend you open a Microsoft support case to get them to help you recover the server.
In future, it’s a good idea to keep an eye on your Exchange certificates and renew them before they expire.
the best practise analyser said the registry value maxuserport on registry key systemcurrentcontrolsetservicestcpipparameters isnt set to 60000.
well, do i launch regedit and find hkey_current_configsystemcurrentcontrolsetservices and create a tree for tcpip if it does not exist?
I’ll give it one more shot by adjusting the date to 19/4/2012. Would exchange 2013 work if i just ignore the rest of the steps in the CU setup and run? how do we fix the Something went wrong screen that show no specific details? Is a complete reinstall of exchange 2013 feasible? Can’t rescue any database/data? How do we bloody renew the certificate if the EAC on IIS cannot be browsed?
Install still failed at 100% about certificate expired. I have already set the date to 19/4/2013. What can i do?
I tried to goto EAC to try regenerate a new certificate but the intranet website cannot be accessed. At this moment I’m trying to change system clock to 4 years ago to see if it can succeed.
I really don’t recommend doing that.
Our CU12 update setup failed when the “Mailbox role: Transport service” finished at 100% with the following. What can we do?:
Error:
The following error was generated when “$error.Clear();
Install-ExchangeCertificate -services IIS -DOmainController $RoleDomainController
if ($RolesDatacenter -ne $true -And $RolePartnerHosted -ne $true)
{
Install-AuthCertificate -DomainController $RoleDomainController
}
” was run: “System.Security.Cryptography.CryptographicException: The certificate is expired.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Management.SystemCOnfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
at Microsoft.Exchange.COnfiguration.Tasks.Task,b_b()
at Microsoft.Exchange.COnfiguration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineFailed)”.
“The certificate is expired.”
Your certificate has expired. It will need to be renewed or replaced.
If I try to launch EAC, the browser goes to https://localhost/ecp/?ExchClientVer=15 with a server error/ configuration error: Could not load file or assembly Microsoft Exchange Clients Strings, Version=15.0.0… The system cannot find the file specified.
Looking at IIS, the full collection of certificates did not expire except the SSL one for the mail.mydomain.com cert which expired in 2015. Winding back the clock does not help prevent the error. So is the solution to add a simple mail server role, temporarily disable exchange, and get the new cert?
We have never updated exchange 2013 running win2012. Recently we noticed the “Something went wrong” screen when accessing owa. this screen has no details of the actual error, so we are trying luck with installing CU12. do you think it will solve the problem, or are there other things we can do?
Hi Paul,
I skipped CU 10 & 11 can I just go straight to CU 12 for exchange 2013?
Kind Regards
Each CU is a complete build of Exchange encompassing all previous fixes and updates, so you can always install or upgrade with the very latest CU.
Pingback: обновление Exchange (режим обслуживания) — rusmandalay
Hello,
Just wanted to ask like how long will it take to do a massive jump update from CU2 to CU11.
Hi Pual
This atricle (removed) recommend upgrading the CAS servers first, followed by the mailbox servers in the 2CAS+2Mailbox DAG Exchange 2013 environment .
But in your guide give me this steps:The first servers to be updated in a site are the Mailbox servers.The Client Access servers are updated second.Edge Transport servers can be updated last.
I’m confused…..
Mailbox first, then CAS. If you follow Microsoft’s best practices and deploy multi-role servers then it becomes irrelevant.
Thanks for your quickly reply,i’ll be follow this guide to upgrade the server from CU7 to CU11 and wish everything goes well.
Many thanks.
Hi Paul.
It’s safe to delete all the extracted files, after the installation finished.
Yes.
Pingback: February 2016 Updates for Exchange 2016/2013/2010/2007
Hi Paul,
Just letting you know that Michael B Smith’s site link doesn’t work:
http://theessentialexchange.com/blogs/michael/archive/2013/03/14/powershell-quick-script-finding-the-exchange-schema-version.aspx
http://rickardnobel.se/verify-schema-versions-on-all-domain-controllers/ – might be a good link
Also Michael’s maintenance script link has been moved. It’s listed in the Exchange Gallery though:
https://gallery.technet.microsoft.com/office/Exchange-Server-2013-ff6c942f
That should be permanent link.
Cheers,
Hi Paul. I hope that you see this comment as I am sure you dont go back and read everything. got a quick question for you. Do I need to run Setup.exe /PrepareAD /IAcceptExchangeServerLicenceTerms on every server or just the first mailbox server to be updated?
AD only needs to be prepped once. That said, if you forgot to do it, the first server you run setup /m:upgrade on will automatically run the AD prep.
Pingback: مشکل گیر کردن ایمیل های سرور Exchange 2013 در Draft بعد از آپدیت ناموفق CU یا SP - راهکارهای جامع دیتاسنتر
Hi Paul,
First of a big thanks for the article 🙂 , i have a small query i have gone through the article again and again and have a small confusion on which server should i start first the CU updates.
Below is a high level infra details
3 nos of Multi role server in DAG in PROD AD site
2 nos of dedicated CAS server in CAS AD site (for External Connection)
1 Journaling in PROD AD site.
Now my confusion is should i start updating the multirole servers which are in DAG first or should i target the CAS server which are dedicated CAS site for external connection.
Also can i target the journaling server for upgrade simultaneously with other server as it is a standalone box.
P.S my 3 multirole server and CAS server sit behind the F5 HLB in diffrent pools.
Hi Paul,
were you able to check my query, it would be great to see you feed back on the same.
Top Guide 🙂
Update 2 DAG Server and 2 CAS.
The only thing i had to install was the Windows Feature RSAT-ADDS and the IIS 6.0 Resource Kit.
Perfect Guide.
Big Thx for that Great work
Hi Paul,
I am getting error when upgrading exchange 2013 cu3 to CU7 getting the error below. we have created additional active sync and Owa virtual directory ,
C:\>cd TempCU7
C:TempCU7>setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
Welcome to Microsoft Exchange Server 2013 Cumulative Update 7 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for
installation.
Languages
Client Access role: Client Access Front End service FAILED
The following error was generated when “$error.Clear();
$fe = get-ActiveSyncVirtualDirectory -server $RoleFqdnOrName -DomainCo
ntroller $RoleDomainController -ErrorAction SilentlyContinue;
if ($fe -eq $null)
{
new-ActiveSyncVirtualDirectory -DomainController $RoleDomainControll
er -Role ClientAccess;
}
else
{
update-ActiveSyncVirtualDirectory $fe -DomainController $RoleDomainC
ontroller -InstallIsapiFilter $true
}
” was run: “System.Management.Automation.ParameterBindingException: Cann
ot convert ‘System.Object[]’ to the type ‘Microsoft.Exchange.Configuration.Tasks
.VirtualDirectoryIdParameter’ required by parameter ‘Identity’. Specified method
is not supported. —> System.NotSupportedException: Specified method is not su
pported.
at System.Management.Automation.ParameterBinderBase.CoerceTypeAsNeeded(Comman
dParameterInternal argument, String parameterName, Type toType, ParameterCollect
ionTypeInformation collectionTypeInfo, Object currentValue)
— End of inner exception stack trace —
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecute
Enumerate(Object input, Hashtable errorResults, Boolean enumerate)
at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Bool
ean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pip
eElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcCo
ntext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(Inter
pretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.R
un(InterpretedFrame frame)”.
The Exchange Server setup operation didn’t complete. More details can be found
in ExchangeSetup.log located in the :ExchangeSetupLogs folder.
Why CU7? It’s already unsupported, CU10 and CU11 are the current support builds.
Keep in mind there’s only one supported way to add OWA/ECP virtual directories to Exchange 2013, documented here:
http://blogs.technet.com/b/exchange/archive/2015/02/11/configuring-multiple-owa-ecp-virtual-directories-on-the-exchange-2013-client-access-server-role.aspx
Not sure whether adding ActiveSync vdirs is supported at all.
Either way, if that is the most obvious way your server deviates from a normal server, then removing those vdirs would be a good idea.
Thank you Paul…. I have removed Additional created Activesync virualdirectory , now able to rollout CU7,
Pingback: Exchange Best Practices: Keeping Servers Updates
Pingback: Exchange 2013 CU3 and Exchange 2010 SP3 UR3 released!
I’m have a multi-role DAG, half are active servers, half are passive. Could I bypass maintenance mode and simply switchover the active databases on a server and proceed with the CU?
You can skip any steps you like since you are the person who will be dealing with the consequences.
Or you can just follow the recommended procedures, which exist for good reason.
Pingback: Fixed - Exchange 2013 Emails Stuck in Drafts After Failed CU or SP Update | Nar Guide
Pingback: Exchange Server 2013 Cumulative Update 11 Released
Hi Paul!
Can I directly upgrade Exchange 2013 SP1 to CU10? It’s supported?
See answer above.
Hi Paul,
I have Single Server Exchange 2013 (all roles on same server) with CU5. Can I directly upgrade it to CU10 ? or shall I have to go through one by one installing all the CU’s ?
Thanks.
It is possible, and supported, to always update directly to the latest build. But only the N-2 scenarios are tested. So it’s possible you’ll run into a previously unknown issue going CU5 -> CU10. I’ve done various upgrades that were more than N-2 in the past with no issues, and only occasionally run into issues with N-3 or more that are covered in the cautionary notes in the blog post above.
Hi Paul- just reviewing a RAP done by MS on an organisation I am contracting for now with a Hybrid 2010/13 exchange over two nodes. They have quoted
“You should upgrade your client access servers with service packs and hotfixes before upgrading the mailbox servers, unless directed otherwise in the release notes. ”
I thought it was the other way round- mailbox first? And if they are multi role servers (which all of these are) then I ignore this correct?
The customer is entitled to seek clarification of advice given in a RAP, so that would be the best course of action.
I thought 2013 was Mailbox first, but then I always deploy multi-role so it’s not something I ever have to think about.
Would maybe be good to add a little note about Exchange UM language packs. My experience is that you have to uninstall them and then re-install the updated versions. Otherwise…great post.
I have one Exchange Server 2013, but 2 domains in the forest. Both domains have users with mailboxes. I would like to upgrade from SP1 to CU10.
Do I have to run the
“setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms” in both domains?
Many thanks
Dave
I will add my 2 cents off lessons learnt after upgrading a 6-servers/2DAGs environment from CU4(SP1) to CU8:
1. Follow exactly all the steps given in this article and additionally:
2. Uncheck “Check for publisher’s certificate revocation” in IE options – advanced – security. It will save you hours of nail-biting in front of your screen.
3. Disable your antivirus client
can we install fresh exchange 2013 sp1 CU1 on server where schema update is already CU7 as there are already exchange servers 2013 who have CU7 update.
is there any possibility of issue while installing exchange 2013 CU1?
CU1 is no longer supported so you should not install it.
Paul,
Before I get started I have 2 CAS and 2 MBX servers with 1 DAG. Server A and Server B have their primary own databases. MBX Server A and has a copy on MBX Server B. Server B has a copy on Server A. How would I start this if both servers active servers?
For example: If I started with MBX Server B. Would I failover MBX Server B to A, follow your guide, and then apply the updates? Then failover to B and then continue with A? Or is this not possible?
I’m confused by your description but I’m going to assume what you’re saying is that each of your databases has a copy on each of the DAG members.
Yes, follow the update procedure demonstrated above.
We have an active active setup. But based on your answer we should be fine…
Thanks!
Good thing there is a script available. 🙂
Final question on this topic, would you recommend updating one DAG member first and then waiting until the following weekend to update the rest of the DAG members to make sure there were no issues with the updates (if a lab environment is not available for testing)
Sure, that approach is fine.
Do we need to follow the same procedures (excluding AD preparation) for your monthly Windows security updates?
Yes.
Hi Sir Paul,
We have Exchange 2013 SP1 and are looking to install CU7. I have downloaded and extracted the set-up files, however when try to run the update I receive a number of concerning errors regarding Active Directory.
I am aware that the update will require Schema updates, however I thought the GUI installed handled these for me.
Exchange is deployed at a AD site that is not in the same site as the Schema Master. Could this be the issue? Do I have to update the schema manually?
My account is already member of Enterprise Admin, Schema admin
Errors are below
Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnifiedMessagingRoleNotInstalled.aspx
Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.BridgeheadRoleNotInstalled.aspx
Error:
Setup can’t continue with the upgrade because the perfmon (2112) has open files. Close the process, and then restart Setup.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ProcessNeedsToBeClosedOnUpgrade.aspx
Error:
The Active Directory schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx
Error:
Global updates need to be made to Active Directory, and this user account isn’t a member of the ‘Enterprise Admins’ group.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx
Error:
You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx
Error:
Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master. Run setup with the /prepareAD parameter on a computer in the domain powerplay and site Default-First-Site-Name, and wait for replication to complete. See the Exchange setup log for more information on this error.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx
Error:
The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx
Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.MailboxRoleNotInstalled.aspx
Error:
Either Active Directory doesn’t exist, or it can’t be contacted.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx
Warning:
Setup will prepare the organization for Exchange 2013 by using ‘Setup /PrepareAD’. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 servers.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE12ServerWarning.aspx
Warning:
Setup will prepare the organization for Exchange 2013 by using ‘Setup /PrepareAD’. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx
-Nick
As always, your contributions to the Exchange Admin world are very much appreciated.
I am making every effort to apply CU7 to E2K13 SP1 and it’s been riddled with problems just about every step of the way. My stumbling block at the moment is “setup cannot continue with the upgrade because the setupui has open files.” I have restarted the VMs, run Sysinternals Process analyzer and confirmed nobody else has a session on the box.
Do you have any suggestions on where I might look?
Thank you!
Marty
Running the upgrade in GUI or cmd line?
I tried running the setup via both GUI and command line and had the same result. Got it all worked out though. This particular VM had a problem with a cert and Windows Manager. The WMSVC service would not start. Generating a self-signed cert and assigning it to WMSVC got me through the update.
Just wanted to say thank you for all you do. I refer to your articles whenever I work on my E2K13 server! BC
Paul, you mention upgrading the Mailbox before the CAS. This is different from earlier versions of Exchange where you start at the CAS, then Hub, etc and mailbox last. Is there any official documentation on the server role order to install Exchange 2013 CUs? I’m having trouble finding any. Thanks!
Yes it is different. No I can’t find any “official” source for that online.
If you run the upgrade on a multi-role server, you will see that Setup always upgrades the Mailbox role before the CAS role.
hi paul
please clearly say to me updating exchange 2013 RTM to CU7 needs the AD preparation in Graphical mode? my exchange roles are in single server plaese show me all of the steps in graphical mode upgrading
Pingback: Installing Updates in Exchange Server 2013 | Technical Reference
Pingback: Exchange 2013 CU3 and Exchange 2010 SP3 UR3 released! | Pro-Exchange, Lync & Office 365
Pingback: New Updates for Exchange Server 2013, 2010 and 2007
Please help I am having this error below on step 8 of 15 mailbox role:transport service
Error:
The following error was generated when “$error.Clear();
$vdirName = “PowerShell”;
$InternalPowerShellUrl=”http://” + $RoleFqdnOrName + “/powershell”;
new-PowerShellVirtualDirectory $vdirName -Role Mailbox -InternalUrl $InternalPowerShellUrl -DomainController $RoleDomainController -BasicAuthentication:$false -WindowsAuthentication:$false -RequireSSL:$false -WebSiteName “Default Web Site” -AppPoolId “MSExchangePowerShellFrontEndAppPool”;
new-PowerShellVirtualDirectory $vdirName -Role Mailbox -DomainController $RoleDomainController -BasicAuthentication:$false -WindowsAuthentication:$true -RequireSSL:$true -WebSiteName “Exchange Back End” -Path ($RoleInstallPath + “ClientAccessPowerShell-Proxy”);
” was run: “The virtual directory ‘PowerShell’ already exists under ‘MIMMAIL.mm.co.mw/Default Web Site’.
Parameter name: VirtualDirectoryName”.
HI Paul;
it was great reading this article, i want to discuss my Problem of outlook users being prompted for passwords .
following is the configuration
AD site 1 : 2 malbox servers & 2 CAS servers running Exchange 2013 CU3
AD site 2 : 1 malbox server & 1 CAS server running Exchange 2013 CU3
Edge Transport Server: Exchange 2010 SP-3
users : Windows 7 / outlook 2010 & 13 Compliant with (http://technet.microsoft.com/library/ee681792%28v=office.15%29)
while outlook running perfectly suddenly a password pop up ofccures, even after providing credentials for 5 / 10 times are not authenticated.i googled it around & realized that this is a common issue after CU3 deployment. i ran Get-OutlookAnywhere and found my authentication setting are set as Basic, Negotiate and NTLM as described in http://edsitonline.com/2013/11/29/outlook-usernamepassword-popups-after-exchange-2013-cu3-upgrade/ (i though i did not change my current setting as recommended in the page).
modified users outlook profile by unchecking “download shared folder” and set the authentication from negotiate to kerbros as mentioned in https://social.technet.microsoft.com/Forums/office/en-US/11370f4d-b931-4338-8ab7-acc9e1a231e0/outlook-2013-asks-for-credentials-connecting-to-exchange-2010-multiple-times?forum=officeitpro
although it worked for some days but again the same problem.
now i am thinking to upgrade my CAS servers only from CU3 to CU6 released in august earlier this year.
in my opinion any schema extention / prepareAD / PrepareDomain is not required in our case because i had CU3(please confirm).
please also suggest if i can modify the authentication settings as mentioned in http://edsitonline.com/2013/11/29/outlook-usernamepassword-popups-after-exchange-2013-cu3-upgrade/ because my only pain is to stop password prompts.
Are there any set-servercompnentstate or other maintenance mode commands we should run on a CAS only server or can we just apply the updates?
Basically just take them out of your load balancing (whether that is a HLB or DNS RR or anything else).
Thanks Paul! It is only DNS RR at the moment. We are trying to get a load balancer purchased. 🙂
Hello
I am update exchange sp1 to cu5 but for some problem i want to downgrade to sp1
i install new Mailbox and CAS SP1
now i problem with active directory schema , i want to restore AD schema to exchange sp1
can you help me ?
thank
I have Exchange 2013 SP1 servers with role: Mailbox, CAS and Edge.
I want to install cu6 (http://www.microsoft.com/en-us/download/details.aspx?id=44022)
what is the procedure for updating the Exchange Server 2013?
I think that at first it is necessary to update the Mailbox-server, at second CAS-server, at third Edge-servers.
Am I right?
A good place to start would be this very article that you’re commenting on.
Thanks for the answer, but please reply to the order in which it is necessary to update the server?
Pingback: Exchange Server 2013 Cumulative Update 6 Released
Pingback: Exchange Server 2013 Cumulative Update 6 Released | iRanges - #1 Team of Certified and Experienced IT Professionals in Canada
Pingback: Fatshark's Personal Blog
Pingback: What Does DatabaseCopyActivationDisabledAndMoveNow Do?
Pingback: Fatshark's Personal Blog
Pingback: wedding memories
Pingback: Microsoft releases Exchange 2013 Cumulative Update 5 and Exchange 2010 Update Rollup 6 | Michael 'Van Hybrid' / Van Horenbeeck
Hello Paul
i am having issues with installation of Exchange 2013 SP1.
i have 3 Exchange servers across two AD sites. Each server holds both Mailbox and CA role.
The Exchange Servers are not fully operational yet but we already created all the mailboxes on them. I attempted to install the 2013 SP1, starting with setup /prepareschema command. The command was executed successfully but got the error below when i ram setup /preparead commands
=================================================================================
Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for
installation.
Performing Microsoft Exchange Server Prerequisite Check
Prerequisite Analysis COMPLETED
Configuring Microsoft Exchange Server
Organization Preparation FAILED
The following error was generated when “$error.Clear();
initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions
” was run: “Active Directory operation failed on apl.com. One or more attribute entries of the object ‘CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=apl,DC=com’ already exists.”.
The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the :ExchangeSetupLogs folder.
=====================================================================================
The three exchange servers were just installed and configured last week. we want to make sure we have the latest update on the exchange servers before we go live.
Do you have any idea what i can do to resolve this issue.
Pingback: In nuce: Cumulatives Update oder Service Pack für Exchange 2013 installieren | DeBugIT - IT Blog
I’m sure you don’t find a better article for installing CU!
Btw, I’m just doing CU3 in my lab with the help of your article. Thank you Paul 🙂
Pingback: Upgrading Exchange Server 2013 to Service Pack 1
Hi Paul,
Can we update to CU3 directly from RTM (build 516.32)? Is the procedure same to this posting?
Thanks,
Michael
Yes. CUs and Service Packs are full builds of the product. You can always go straight to the latest CU or Service Pack.
Hi Paul
No mention of the steps for
Get-ExecutionPolicy cmdlet from PowerShell
Can you clarify which execution policies need to be set to unrestricted?
MachinePolicy
UserPolicy
Process
CurrentUser
LocalMachine
We believe it should only be MP and LM.
Thanks
Hi,
Great Article …. Thanks.
I have 4 Servers for exchange 2 Mailbox and 2 CAS Servers …. just installed exchange on all the servers and not yet created DAG or configured the mail-flow ( i mean post installation tasks) . Can i update to CU3 now ?
What steps do i need to follow ?
Thanks .
below is the script I put together to help me with migrations and update procedures. I use this all the time to gather CAS information.
start-transcript -path c:tempCASConfig.txt -append
get-clientaccessserver | fl Name,fqdn,Out*,*uri,*site*,*version,orig*
get-autodiscovervirtualdirectory -adpropertiesonly | fl server,identity,name,*url,*version,orig*
get-webservicesvirtualdirectory -adpropertiesonly | fl server,identity,name,*url,*mrs,*version,orig*
get-oabvirtualdirectory -adpropertiesonly | fl server,identity,name,*url,*version,orig*
get-owavirtualdirectory -adpropertiesonly | fl server,identity,name,*url,logon*,*version,orig*
get-ecpvirtualdirectory -adpropertiesonly | fl server,identity,name,*url,*version,orig*
get-ActiveSyncvirtualdirectory -adpropertiesonly | fl server,identity,name,activesyncserver,*url,*version,orig*
Get-OutlookAnywhere -ADPropertiesOnly | fl server,name,External*,*auth*
stop-transcript
That is a great script. Thanks a lot. did you manage to get anything together for the IIS Authentication?
As a value add:
I followed this guide and installed CU3 onto a CU2 DAG environment and the only thing I wanted to note is I noticed only the External URL of the ActiveSync virtual directory was set to $null post install. This happened on each of the nodes of the cluster. I changed the setting back to what I needed it to be before bringing the node out of maintenance mode and had great success with all Exchange functions. Thanks again for your insight Paul!
If I could add anything the settings we typically see change with SP’s and CU’s are Virtual directory settings and the Authentication and SSL settings in IIS. I have created scripts to grab the CAS virtual directory settings before running updates so I can verify the settings after updates easier. I would like to get a similar script for gathering the IIS Authentication and SSL settings if anyone is interested in helping. I can upload the CAS script if anyone is interested.
Hi Brandon,
Don’t know if you still have these scripts around because I am interessed in 🙂
Many Thanks in advance,
Pingback: Exchange 2013 OWA & ECP failure after deploying CU3 | ucbite
Hello,
I have something very strange with my CU3.
I download the “Exchange2013-x64-cu3.exe” and when I launch the setup in GUI I see correctly “Welcome … Exchange Server 2013 CU3 …”
When I launch in powershell for update the schema I have :
Welcome to the unattended Setup of Microsoft Exchange Server 2013 with Cumulative Update 2
After the update of schema the version of schema is always the same : “15281 (CU2)” and not 15283 (CU3)
Is it normal ?
Thank’s.
hi ,
After update cu2 send messages Stuck in Drafts too.
After update cu1 send messages Stuck in Drafts 🙁 why???
AM ALSO FACING SAMEPROBLEM,BUT I REALISED THIS STARTS AFTER PUTTING SERVER INTO MAINTANANCE MODE
This is what I did, i prepared schema, AD and domain before I could install the cumulative update. After that i did not put my server in maintenance mode as Paul advised.I went ahead and installed the cumulative update and it was succefull.
Hi Paul,
In my case, Exchange installed on a different directory other than the default one C:
Do I need to specify the directory name while running the below command?
Setup /m:upgrade /IAcceptExchangeServerLicenseTerms
or the upgrade switch will automatically get the directory in which exchange is installed.
Please advice…
No, you don’t need to specify the install directory for an upgrade.
Hi Paul
I have an issue with my environment after installing CU2. I’ve been on to MS support and they reckon CAS servers should be upgraded before MB servers.
What are your thoughts?
Preston
It looks like the maintenance mode script changed to her, FYI
http://michaelvh.wordpress.com/2013/04/08/script-putting-exchange-server-2013-into-maintenance-mode/
Hi,
Is that CU1 requires RTM preinstalled or it can be freshly build.
CU1 is a complete build, you don’t need to install RTM first.
Kindly provide SP1 as it is not available in Microsoft or google world.
Pingback: Exchange Server 2013 RTM Cumulative Update 1 (CU1) Released
Awesome write up. Big help thanks mate.