Microsoft has released Service Pack 3 for Exchange Server 2010. This is a significant release that delivers some key functionality to customers such as support for Windows Server 2012, support for co-existence with Exchange Server 2013 CU1, and general bug fixes and security updates.

If you are planning to upgrade your Exchange 2010 servers to SP3 you should be aware that there is an Active Directory schema update involved. If that is a concern for your environment, but you still want the bug fixes and security updates, you might consider sticking with Service Pack 2 and applying Update Rollup 6 instead.

At the time of this writing there are some points in the various release notes that aren’t correct or fully updated yet that Microsoft are still working on or that are worth some clarification:

  • Exchange 2010 SP3 is listed as including all security bug fixes up to SP2 UR5-v2. It actually includes all security and bug fixes up to SP2 UR6.
  • The SP3 release notes state you can only install on Windows Server 2008 SP2 or 2008 R2. You can actually install on Windows Server 2012, although exact pre-requisite guidance may not be available yet.
  • The support for Windows Server 2012 includes both the installation of SP3 on Server 2012, and the interoperability of Exchange 2010 SP3 with Server 2012 domain controllers.
  • The support for Windows Server 2012, which ships with PowerShell 3, does not mean that Exchange 2010 SP3 also supports upgrading to PowerShell 3 on other operating systems.
  • The co-existence support for Exchange 2013 does not apply to Exchange 2013 RTM, but rather Exchange 2013 CU1 (cumulative update 1) due for release in Q1 of 2013 (within about 6 weeks from the time of this writing)

Preparing to Upgrade to Exchange 2010 SP3

You can download Exchange 2010 Service Pack 3 here and extract the files ready to be installed on your servers.

Upgrade your servers in the following order:

  1. Client Access servers (beginning with the internet-facing site)
  2. Hub Transport and Edge Transport servers
  3. Mailbox servers
  4. Unified Messaging servers

You should also plan to update any management tools installations you have on admin workstations or servers, and also check your third party applications that integrate with Exchange in case they also need updated management tools.

I’m going to walk through the upgrade process in some more detail next, and also provide some general guidance afterwards about the Service Pack 3 installation steps as well as what to expect in terms of timing and service interruptions.

Applying the Schema Update

If you have an AD forest topology with multiple domains, or process restrictions that require schema updates to be managed a certain way, you can apply the Exchange 2010 SP3 schema update on a 64-bit domain controller that is in the same AD site as the Schema Master, using an account with Schema Admins and Enterprise Admins rights.

C:AdminEx2010SP3>setup.exe /PrepareAD

Otherwise the schema update will be applied when you upgrade the first Exchange server.

Updating Client Access Servers to Exchange 2010 SP3

Client Access servers are the first server role to update, and you should begin with the internet-facing site if you have multiple sites in your organization.

For Client Access servers that are in a CAS Array you should remove some of the servers (eg half of them) from the load balancer configuration, upgrade them, re-add them to the load balancer, then repeat the process with the remaining Client Access servers in that load balanced array.

For an example of how to do this with Windows NLB see the following article:

For other load balancers refer to your vendor documentation for how to take servers out of the load balanced array for maintenance and updates.

Updating Mailbox Servers to Exchange 2010 SP3

I admit I was concerned when I read the release notes for Exchange 2010 SP3 that state:

The database schema has been updated in Exchange 2010 SP3. As a result, when Mailbox servers are upgraded to Exchange 2010 SP3, the databases are upgraded to the Exchange 2010 SP3 version of the database schema…

During the upgrade, the database is dismounted, and all mailboxes in that database are taken offline.

This seemed to be a major issue to me until I performed the upgrade in my test lab. The statement above is correct for standalone mailbox servers, which is expected.

However for an Exchange 2010 Database Availability Group the upgrade process can be performed with no downtime following the normal process of moving active databases off DAG members while they are being updated.

You can use the standard process as demonstrated here:

However, be aware that once a database has been made active on an Exchange 2010 SP3 member of the DAG, it can’t be made active on a pre-SP3 DAG member again. This means that you will need to roll through your entire DAG upgrading to Service Pack 3 to retain the full availability resilience your DAG is designed to provide.

Upgrading Other Server Roles to Exchange 2010 SP3

For Hub Transport, Edge Transport, and Unified Messaging servers there are no special steps required other than to manage your upgrades in a way that aligns with whatever high availability you have in place or those server roles. For example if you have two Hub Transport servers in a site, upgrade them one at a time.

Exchange 2010 Service Pack 3 Step by Step

The upgrades steps are very straightforward and easy to follow. Extract the SP3 files to a folder and run Setup.exe. When the splash dialog appears click Install Microsoft Exchange Server upgrade.


You’ll need to click through the usual introduction and license agreement.



Next the Readiness Checks will be performed. Any errors will prevent you from proceeding. Warnings will not prevent you from proceeding, but you should pay attention to them anyway as they are often important.

Remember, if you’re upgrading CAS Array or DAG members refer to the guidance above.

Click Upgrade when you’re ready to proceed.


The actual installation time will vary depending on the server roles installed, and whether you’re upgrading from a very recent or much older Service Pack level of Exchange.


When the installation has all completed successfully click the Finish button.


Each of my test lab servers took between 20 and 30 minutes to upgrade, but your performance will no doubt vary.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for


  1. Jason

    Thanks for that my dear fellas!

  2. Jose

    Can you help Me i’m triying to update the server i’m copy the error when im installin SP# on the CAS:

    after the pre-requisites :

    The following error was generated when “$error.creal():
    if($roleDomain -ne $null)
    initialize-ExchangeLegacyPermissions -Domain $RoleDomain-

  3. Carl

    Hi Paul!

    Do I need to raise the level before installing the SP3 ?

    My environment has 1 Exchange 2010 SP2 (all features in a single Server).

    Domain and Forest Level are 2003.

    The OS of my DC and Exchange are 2008 R2 SP1.

    Thank you!

  4. AA

    Hi Paul,

    Please give some hint on above issue.

  5. AA

    Hi Paul,

    My Exchange 2010 SP3 is failing on one of the DAG member. Please see below error and help me.
    Microsoft.Exchange.Management.Deployment.ExsetdataException: An error occurred with error code ‘4294967295’ and message ‘The operation was canceled.’.
    [03/11/2018 04:35:41.0291] [1] [ERROR] The following error was generated when “$error.Clear();
    buildToBuildUpgrade-ExsetdataAtom -AtomName MDB -DomainController $RoleDomainController

    ” was run: “An error occurred with error code ‘4294967295’ and message ‘The operation was canceled.’.”.
    [03/11/2018 04:35:41.0291] [1] [ERROR] An error occurred with error code ‘4294967295’ and message ‘The operation was canceled.’.
    [03/11/2018 04:35:41.0291] [1] [ERROR-REFERENCE] Id=LegacyMDBComponent___3d52c6281600447dae96b445626aedb1 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup

    1. AA

      Few more entries from exchangesetup.log where setup start giving errors.
      [03/11/2018 04:35:41.0276] [2] Interpreting line — ID:31259 —
      [03/11/2018 04:35:41.0276] [2] ScRegDeleteValuePath (f:\14.03.0123\sources\dev\admin\src\libs\exsetup\hiddenw1.cxx:1621)
      Error code 0XFFFFFFFF (65535): The operation was canceled.
      [03/11/2018 04:35:41.0276] [2] CInsParser::ScProcessLine (f:\14.03.0123\sources\dev\admin\src\libs\exsetup\hiddenw1.cxx:1202)
      Error code 0XFFFFFFFF (65535): The operation was canceled.
      [03/11/2018 04:35:41.0276] [2] Processing file ‘D:\Program Files\Microsoft\Exchange Server\V14\Setup\data\mdb_reg.ins’, at or near line 91 (DeleteValue:MacCreatorTypes) — ID:31111 — CInsParser::ScProcessLine (f:\14.03.0123\sources\dev\admin\src\libs\exsetup\hiddenw1.cxx:491)
      Error code 0XFFFFFFFF (65535): The operation was canceled.
      [03/11/2018 04:35:41.0276] [2] Registry file name: ‘D:\Program Files\Microsoft\Exchange Server\V14\Setup\data\mdb_reg.ins’ CRegistryManager::ScProcessFile (f:\14.03.0123\sources\dev\admin\src\udog\setupbase\tools\regmgr.cxx:127)
      Error code 0XFFFFFFFF (65535): The operation was canceled.

  6. Mitul Sinha

    Hey Paul,

    This is Mitul

    I have a scenario like I am using on-Premises Windows Server 2012 R2 having Exchange Server 2010 SP1 and earlier it is possible to migrate your On-premises having Exchange Server 2010 SP1 mailboxes to O365 and most of the mailboxes had been migrated to O365 but now by default Microsoft changed the prerequisites to have Exchange Server 2010 SP3 in on-premises if they want to move to O365

    So my question is if I want to swap Exchange Server 2010 SP3 from SP1 whether it will effect to the mailboxes in O365?

  7. Navneet Maharaj

    Dear Paul,

    We have 24 exchange 2010 SP2 UR6 servers in our organisation (Schema version 147320) with Active Directory Schema Domain Functional level (Schema Version 44) – Windows 2003. We are in the process of upgrading our AD to Windows 2012 R2 however we understand that we need to upgrade Exchange 2010 to SP3 UR6 for compatibility. Please advise if Windows 2003 AD can support Exchange 2010 SP3 and i have following roles installed on my server therefore which server needs to upgraded first.

    Server A – CAS,HT,MBX
    Server B – CAS,HT
    Server C – HT,MBX
    Server C – CAS

    All the CAS are internet facing and we have CAS site proxying enabled. Any help would be appreciated.

  8. Wilson Ma

    For your findings that:

    “However, be aware that once a database has been made active on an Exchange 2010 SP3 member of the DAG, it can’t be made active on a pre-SP3 DAG member again. This means that you will need to roll through your entire DAG upgrading to Service Pack 3 to retain the full availability resilience your DAG is designed to provide.”

    I perform the test and found that the database can still made active on pre-SP3 DAGmember after activation on SP3 DAG member. The Microsoft upgrade guide also not mention this, why you have this findings?

  9. Paul

    Hi Paul,

    Great article as ever, thank you.

    I’ve read elsewhere about installing Hotfix KB2550886 prior to this upgrade. The hotfix is to resolve a transient communication failure which then causes the failover cluster to stop working which then breaks the whole cluster.

    I appreciate that this is not an Exchange-specific issue but would appreciate your input.

    Many Thanks,

  10. tariq

    Configuring Microsoft Exchange Server
    Organization Preparation ……………………. FAILED
    The well-known object entry B:32:A7D2016C83F003458132789EEB127B84:CN=Exchange ServersADEL:a74ec49d-f2e2-4a31-8db4-48f4bb4e2cdf,CN=Deleted Objects,DC=xxxx,DC=xx of the otherWellKnownObjects attribute on container object CN=Configuration,DC=xxxx,DC=xx points to an invalid DN or a deleted object. Please remove the entry and rerun the task.

    when i go to ADSI i can not delete it manaually i get this error:

    there is no editor registered to handle this attribute type!!

    your support appreceated

  11. Sarfraz Aslam

    Hi Paul,

    We have Exhange 2010 SP3 RU 6 installed in our environment, can i directly install RU13 or should i install the missing roll ups between 6 to 13.

    Quick response is highly appreciated.


      1. Sarfraz Aslam

        Thank you Paul for your reply.


        1. Sarfraz Aslam

          One more thing, do we require to uninstall the previous Roll UP or not ?

  12. John Skelland

    Hi Paul, Thanks for the quickness in your reply.

    Yes send/receive connectors so glad everything is stored in AD. We are currently running 2012 AD, Domain and Forest which is supported with Exchange 2010 SP3.


    John English

  13. John English

    Hi Paul,

    Just been reading all of the issues on this page and this is not mentioned if you are able to assist please?

    We are on Exchange 2010 Sp2 RU6 and are planning to upgrade to 2010 Sp3. We have 2 x CAS Servers which also have the Hub Transport Role and 2 Mailbox Servers in a Dag configuration.

    I’ve already successfully updated the Schema a few weeks ago in preparation.

    I plan to complete the upgrade on both CAS first (not at the same time) then the backend DB servers.

    Other than the personalised OWA config is there any other settings that I need to backup and restore like Certificates, configurations settings, transport rules, mail flow etc.

    I just want to ensure nothing will be lost due to the lack of documentation for the current system.

    Many thanks

    John English

    1. Avatar photo
      Paul Cunningham

      Transport rules are stored in AD. I assume “mail flow” means send/receive connectors. Those are also stored in AD. Certificates are local to the server. You should have an export/backup of it stored somewhere anyway, but if the same cert is on both servers (which it should be) you can always export/import it if you need to recover your server.

  14. Tony Koer

    hi Paul
    I have 2 MB DAG and 2 HUBCAS (using NLB)
    I wana update from SP2 to SP3 inorder to go for Exchange 2016, I have the following questions
    Currently I have 2 MB n VMWare and I am in process of Migrating from VMware to Hyper V
    will it work if I install 2 new Exchange Mailbox SP3 with Latest RU on Hyper V and join then to the DAG – Sync all the mailbox – Set these servers as the active servers and take off the Old EX 2010 SP2 servers

    1. Avatar photo
      Paul Cunningham

      Theoretically yes, but my instincts tell me that approach might be risky. I would build a new, fully patched DAG with the new VMs, and do mailbox moves instead of trying to join them all to the same DAG.

  15. Vitthal Patil

    In my exchange organization, there are 2 CAS, hub transport servers, 2 mailbox servers, 1 edge transport server.
    I’m going to update SP3 to all my existing exchange servers.
    While preparing of AD in one of CAS server, below error occurred.

    E:SP3> /preparead

    Welcome to Microsoft Exchange Server 2010 Unattended Setup

    Preparing Exchange Setup

    Copying Setup Files COMPLETED

    No server roles will be installed

    Performing Microsoft Exchange Server Prerequisite Check

    Organization Checks COMPLETED

    Configuring Microsoft Exchange Server

    Organization Preparation FAILED
    The following error was generated when “$error.Clear();
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainControll
    er -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

    ” was run: “Active Directory operation failed on dc.abcd.local. One or more att
    ribute entries of the object ‘CN=Organization Management,OU=Microsoft Exchange S
    ecurity Groups,DC=abcd,DC=local’ already exists.”.

    The Exchange Server setup operation didn’t complete. More details can be found
    in ExchangeSetup.log located in the :ExchangeSetupLogs folder.

    Exchange Server setup encountered an error.

    Please suggest me the solution to overcome this issue.

    1. Avatar photo
      Paul Cunningham

      I’ve never seen that before. I suggest you open a Microsoft support case.

  16. David Knudson

    Hi Paul,
    We tried to upgrade from SP2 to SP3 today and it erred out after the first “next”.

    the message was: Some controls aren’t valid. the exchange server is in an in consistent state. only disaster recovery mode is available. please use setup /m:recoverserver to recorver this exchange server…

    There is nothing in the event viewer for the time frame in which I ran the install and it aborted.

    I don’t know what that command will do if I run it and don’t know how to proceed…
    on the management console it says in the server section for version:
    Version 14.2 build 247.5


  17. Peter

    Hi, great article, can i ask?
    i plan update – have exchange 2010 sp2, rollup6 already, domain is 2003 extended schema

    my exchange is without SMTP, but with all other roles – DB, transport, cas…
    shall i run prepare schema before or simple put sp3 gui upgrade?, exchange server is 2008spupdated

    we dont have any load balancing, dag…
    i will do veeam backup before and few minutes before i will do Vmware snapshot for quick return

    thank you

    1. Avatar photo
      Paul Cunningham

      You can prep the schema/AD before the upgrade if you like. If you don’t, then the upgrade will automatically try to do it anyway.

      FYI – Your Veeam snapshot can’t be used to roll back the VM if the upgrade fails. Exchange recovery by rolling back VMs is not supported.

      1. Peter

        thank you.. no, we using veeam like backup (at vmware)
        so spot transport rule, make full-backup via veeam, stop backuping

        after that, do VMWARE snapshot and start update

        in small issues, ve roll back only vmware snapshot (so we lost time of patching)

        in huge issues like vmware snapshot crash, we use veeam full backup few hours old

        1. Peter

          we have indepent smtp server which is recieving outside mails, so he will hold incoming mails for few hours and deliver after that

  18. Suresh

    Hi Paul,

    We have two sites with each having a CAS/Hub array and Mbx Servers in a DAG. Would it be possible to upgrade to SP3 one site at a time with a gap of about 1 week in between?

    Any help will be greatly appreciated.

      1. Suresh

        Thank very much Paul. I really appreciate your help.

  19. Timotatty

    Hi Paul,

    Thanks. I am still wondering why the SP3 setup seemed okay but SMTP won’t work on that 1 server that’s been updated.

    Rolling back a CAS/HUB server does not seem to be a problem with these roles. I definitely won’t do it with a Mailbox server. Regardless, the question remains, is there a way to check what has been changed during the SP3 update that might block the smtp om my HUB/CAS server? I doubt it would be something in AD so it has to be on the server itself.

    We are unable to move forward with this update since this showstopper is blocking the progress.

    Thanks, Cheers,

    1. Avatar photo
      Paul Cunningham

      What indication do you have that you can’t send email through that server? What have you tried? What error messages do you see?

  20. Timotatty

    Hi Paul,

    Thanks for your post. I’ve been using this site for a few months now and really like your explanations and scripts. Keep it up.

    We are currently trying to upgrade to SP3 but hit a snag with the /PrepareAD
    In the log file I see this:
    [16-10-2015 19:21:36.0909] [0] [ERROR] Setup couldn’t find LPVersioning.xml.
    [16-10-2015 19:21:36.4506] [0] [ERROR] The LPVersioning file has an invalid value. Please check the Exchange Log for more information.

    I’ve checked the internet but don’t quite understand what they mean about versioning and version files and language packs.

    Apparently we have installed some language packs since there are some registry entries in Exchangev14 hive but this does not help me to resolve the issue.

    Any ideas would be greatly appreciated.

    1. Avatar photo
      Paul Cunningham

      I’ve never seen that error but my first thought is that the extracted SP3 files are incomplete or corrupt.

      1. Timotatty

        Thanks Paul,

        I’ll try to download it again and retry the update.


        1. Timotatty

          Hi again Paul,

          I managed to get rid of the errors:

          [16-10-2015 19:21:36.0909] [0] [ERROR] Setup couldn’t find LPVersioning.xml.
          [16-10-2015 19:21:36.4506] [0] [ERROR] The LPVersioning file has an invalid value. Please check the Exchange Log for more information.

          SP3 was installed on the 1st CAS/HUB array by doing he following:
          1. Re-downloading Exchange 2010 SP3 directly to the CAS/HUB server;
          2. Downloading the SP2 Language Pack;
          3. Add SP2 Language Pack directory to the path environment variable;

          The CAS/HUB seems to be installed properly using your Array update methode of draining, stopping, updating, log checking etc, no errors were found, except that we are now unable to send SMTP messages through this CAS/HUB server. ;(

          After reverting the snapshot to the Pre SP3 update it worked, we were once again able to send mail through this CAS/HUB server.
          There was some mention of backing up the configuration but I am unaware how to do this, especially since this is a multi-rol server.

          Any ideas, url/hyperlink/KB would be greatly appreciated.


        2. Avatar photo
          Paul Cunningham

          If “reverting the snapshot” means you rolled back a VM using a snapshot then at this point I would just build a new VM to replace the functionality of that one and decommission it. Snapshot recovery of Exchange VMs is unsupported and there’s really no telling what little problems it might cause you in the future now with that VM.

  21. Zoltan

    We’re preparing to install SP3 and RU10 in our environment. Would you recommend we install SP3 on each server first and then go back and installed RU10, or to just install SP3 and RU10 at the same time?

      1. Rashid

        Hi Paul,
        While upgrading SP3 of Exchange 2010 i am getting below error on Hub role… i have two co-role servers in dag. I run script to start dag maintenance mood. Please help me

        error: setup cannot continue with the upgrade because the ‘RFExchConn’ () process (ID: 1752) has open files

        1. Avatar photo
          Paul Cunningham

          I’ve never heard of “RFExchConn” so I did a Google search for it and the top results tell me that it related to RightFax services. So I assume you have RightFax installed on the Exchange server, and it is locking files. You should stop the RightFax services while you run your Exchange updates.

  22. Lee

    Very helpful article and all comments were insightful too. Thank you.

  23. ThangNguyen

    Hi Paul,

    When im installing exchange 2013, at “Readiness check” show error “All Exchange 2010 servers in the organization must have Exchange 2010 Service Pack 3 or later installe”

    I install Exchange 2013 on Server Member of Domain controller. Can you help me solve this error.

    Thanks you in advance.

  24. Thorleif

    Hi Paul

    I’m about to upgrade from 2010 SP2 to SP3 for the purpose of migrating to Exchange 2013 later on. It’s a fairly complex environment that involves users in several trusted domains. I understand that both 2010 SP3 upgrade and 2013 install involves a schema update to all of the domains.

    If I do the schema update for Exchange 2013 before upgrading to 2010 SP3, will that be sufficient for the 2010 SP3 upgrade?

    My question is, can I get away with only doing one schema update?

  25. Oliver

    We are trying to update our SBS 2011 server (running Exchange 2010 SP1) to Exchange SP3 (BTW, we also get the same problem when trying to update to SP2). The Hub-Transport-Role (and others) fails because a powershell-process has open files. Even if we kill the process, it immediately starts again.
    Any ideas?

    1. Avatar photo
      Paul Cunningham

      It’s probably some other piece of software on the server locking the files. If you’ve got any Exchange-integrated antivirus or backup products perhaps check to see if they need to be stopped first. I’ve never had to upgrade an SBS 2011 server to SP3 so I can’t suggest anything else really.

      1. Oliver

        I used process explorer to view the process ID and this gave me the path of the software which was running the powershell process. It was our monitoring software! I stopped the services, killed the powershell process and was able to update the Exchange SP.

  26. James


    In a DAG, when you fail the DBs back from an old SP2 server in to the newly updated SP3 server – do the DBs get upgraded in a way that will use loads of disk space?

    (i.e. if you have a 500gb DB and only a 600gb DB drive, would it work or fail due to trying to have the old copy and the upgraded copy).

    Hope that question makes sense – am planning on doing this on our live global Exchange servers tomorrow and while the above example is not what we have, we don’t have as much free space as the size of our smallest DB at present.

    Thanks – James

      1. James

        Thanks Paul – Worked a charm. We have about 600gb of whitespace to hopefully reclaim now we have SP3 on, so space will be less of an issue.

  27. Eugene

    Hi Paul,

    we are planning to upgrade our exchange 2010 SP2 ( to exchange 2010 SP3, i would like to know if there are minimum requirements before i can upgrade my SP2 to SP3 servers? is it okay to upgrade from SP2 version to SP3 or i can jump to stable rollups? am preparing my exchange infra. for 365 migration. thank you.

  28. Hasanat (@m_hasanat)

    Hi Paul, Sorry for posting this much. I managed above situation. I’ll try to upgrade my mailbox server tonight and let you know.

  29. Hasanat

    Hi Paul,
    A very helpful article. We’ve a single domain; one CAS&HUB server and one Mailbox server.
    Before mailbox, I successfully upgraded CAS&HUB server without any warning / error.
    The error I received while upgrading my mailbox server is quite different.
    Kindly have a look below and advise:
    Mailbox Role

    The following error was generated when “$error.Clear();
    buildToBuildUpgrade-ExsetdataAtom -AtomName SystemAttendant -DomainController $RoleDomainController

    ” was run: “An error occurred with error code ‘3221685221’ and message ‘Overlapped I/O operation is in progress.’.”.

    An error occurred with error code ‘3221685221’ and message ‘Overlapped I/O operation is in progress.’.
    Click here for help…

    Elapsed Time: 00:01:36

    Management Tools

    Finalizing Setup
    As per TechNet blog, I uninstalled antivirus, disabled windows firewall and gave full security permissions to everyone for C:Program FilesMicrosoftExchange ServerV14Mailboxaddress. Deleted Action and WaterMark registry entries and tried again but again got same error.
    Request and appreciate your kind guidance to come out of this situation.

    1. Avatar photo
      Paul Cunningham

      I’ve never seen that error. If you’re not finding any solutions for it online I would suggest calling Microsoft Support.

      1. Hasanat (@m_hasanat)

        Thanks Paul…
        I’ve noticed one thing. Default DC/GC set for Mailbox server is Primary DC but during this upgrade it was pointing to secondary DC. I’ll try to set secondary DC as default for Mailbox server and then try again.

        1. Hasanat (@m_hasanat)

          Hi Paul,
          Further to above, i got proper info. by using below switches:
          [PS] C:Windowssystem32>Set-ADServerSettings -PreferredServer dc.domain.local
          [PS] C:Windowssystem32>Get-ADServerSettings | fl
          But i couldn’t find any DC listed under Mailbox>Properties>SystemSettings. All mail services are running normally without any error.

  30. Welani Msosa

    Paul, some guidance from you please. I have been running Exchange 2010 trial version in anticipation of acquiring the Exchange 2013. Now I have the licensed 2013 and a new server to install on but the exchange 2010 trial expired. My ultimate goal is to have the 2013 running and get rid of the expired 2010 trial but I want mail boxes from this expired into the 2013. I have downloaded the SP3 though not sure if it will install on the expired 2010. If only there was a way to have all the mail boxes from this expired to my new anticipated installation of 2013, any feasible way!

      1. Welani Msosa

        Thanks Paul. I created another useless challenge for myself. As I was preparing for the upgrade from Exchange 2010 to Exchange 2013, I had setup another box and installed exchange 2010 on it so I can move mail boxes temporarily there becuase I thought I will install the 2013 on the main computer which is running 2010. But I got another server where I want to install the 2013 and I have done all necessary steps on the main box which is running 2010 i.e upgrade the 2010 to SP3. The challenge I have is the temporal exchange I created is giving all sorts of errors to update to SP3 and would like it out of the domain so i can proceed with 2013 installation which is requesting to have this temporal server also updated. its talking of so many hotfixes which when i download say they are not meant for the machine. I simply want this temporal exchange 2010 removed from the forest so I can continue, step by step manual removal guide please.

  31. David S

    Hi paul.

    we have 2 multi role exchange servers in our environment.

    exch1 (cas, hub, mailbox,dag member internet facing)

    exch2 (cas, hub, mailbox, dag member)

    I been reading that to apply sp3 you should always do the Cas, hub, mailbox, in this order.

    question is if both servers hold all the roles should I:

    update the Internet facing server first(exch1)

    then the none internet facing serer (exch2)

    since there are schema changes, can i reboot one server then update the other server or should I update both servers and reboot both?

    thanks for all your work thru out the years…


    1. Avatar photo
      Paul Cunningham

      Internet facing server first.

      Do one server, reboot, switchover databases, do the second server. If you reboot them together you’ll have downtime.

  32. ME

    Nushan, “waiting for his quick reply” seriously?!!!!

    Hi Paul, many thanks for your all the time great posts.

  33. Nushan Perera

    Hi Paul,

    I’m Upgrading to Exchange Server Service Pack 2 to 3. I’m currently doing. It Was completed till 9 stage Successfully. Now I am waiting till 10th stage complete. Its Languages . 50 minutes gone. Still pending. Normally How long it will take? I’m having 150 Users in domain. Waiting for your quick Reply.

    Nushan Perera

  34. Rhinofart

    Quick question for you Paul. Our Exchange environment is SP2 RU6, and my management workstation just got upgraded to 8.1. My Exchange console doesn’t expand, and came across this. Was wondering if I could install SP3 Management tools on my Windows 8.1 management workstation, while keeping the actual exchange servers at SP2RU6 and be able to manage the Exchange servers. Any ideas or suggestions for this scenario?

  35. Chris

    Hi Paul,
    Thanks for your write ups! I have a single Exchange 2010 SP2 RU8 server. Is it ok to stay with this? Using Server 2008 R2 with this install. What are the compelling reasons to upgrade to SP3? Will security updates continue to be released with SP2? Thanks!!

  36. Omer Altom

    Dear Paul , thanks for the great Post

    I have an Exchange 2010 SP2 with Rollup Number 8, and you mentioned in the article that SP3 has all the updates till SP2 Rollup Number 6.

    Does the Rollup Number affect the Upgrade Process? and if it is yes is there any workaround ?

  37. Chris

    I have one domain with two sites, each Exchange Server is a hub transport, client access, mailbox roles. The schema master is only located at my site. Am I right in thinking I should first upgrade the schmea master, using the adprep command. then the exchange server on the site with the schema master, then the other site? Any issues I can anticipate?

    1. Avatar photo
      Paul Cunningham

      Yes, the adprep steps need to be performed in the same AD site as the schema master. So upgrading the Exchange server in that site first is one approach that satisfies that, as the upgrade process will automatically perform the adprep bits. The other is to manually run the adprep steps first, then you can upgrade the servers in any order you like.

  38. Aivariokass

    Hi, got strange issue installing SP3.. succesfully upgraded 2 CAS servers from sp1 to sp3. and now then i launch install on last server and press button: Install Exchange server upgrade, windows just refreshes and noting happens.. tried to install SP2, same thing.. Anybody have same issue ?


  39. Mark

    I’m about to do a migration from Exchange 2003 SP2 to Exchange 2010 on a 2012 Server. Which release of Exchange should I install? All roles will be on a single server, nothing too fancy.

    1. Server System Engineer

      You can use Exchange Server 2010 SP3 RU7 for your Windows Server 2012.

  40. Sachin Singh

    Dear Paul,

    We have Exchange server 2010 Organization spread in to multiple sites and region. We only manage one region exchange servers configured for multi role using it’s own DAG, exchange servers version are SP2.

    While some region has already upgraded to Exchange server 2010 SP3, If we go for upgrade to SP3 on our server , Schema update would be required ? or, as already SP3 is introduced to Exchange Organization so schema update not required again.

    My question is because, if schema update is required, then we will request for schema admin rights during exchange server upgrade.

    Thanks in advance !

    1. Avatar photo
      Paul Cunningham

      The schema update is performed once for the entire AD forest. If someone else in your Exchange org has already upgraded to SP3, then the SP3 schema update has already been performed.

      1. Sachin Singh

        Dear Paul,

        Really very Helpfull..

        Thanks once again

  41. Paul Stainton

    I have just upgraded Exchange 2010 SP1 to SP3 on a clients SBS 2011 Server.
    The client uses AVG Email Server Version as it A/V solution

    So, on a lab test server running SBS 2011 with Exchange SP1, I installed AVG
    In my preparation I disabled AVG services and turned off all Email features
    Then rebooted. The SP3 upgrade worked fine, no issues.

    On the production server it failed on Restoring Services

    Extract of the log file
    [10/04/2014 09:46:01.0349] [2] Beginning processing Start-SetupService -ServiceName:’WinMgmt’
    [10/04/2014 09:46:01.0359] [2] [ERROR] Unexpected Error
    [10/04/2014 09:46:01.0359] [2] [ERROR] Service ‘WinMgmt’ failed to start due to error:’Cannot start service WinMgmt on computer

    [10/04/2014 09:46:01.0359] [2] [ERROR] Cannot start service WinMgmt on computer ‘.’.
    [10/04/2014 09:46:01.0360] [2] [ERROR] An instance of the service is already running
    [10/04/2014 09:46:01.0362] [2] Ending processing Start-SetupService
    [10/04/2014 09:46:01.0363] [1] The following 1 error(s) occurred during task execution:
    [10/04/2014 09:46:01.0364] [1] 0. ErrorRecord: Service ‘WinMgmt’ failed to start due to error:’Cannot start service WinMgmt on

    computer ‘.’.’.
    [10/04/2014 09:46:01.0364] [1] 0. ErrorRecord: Microsoft.Exchange.Configuration.Tasks.ServiceStartFailureException: Service

    ‘WinMgmt’ failed to start due to error:’Cannot start service WinMgmt on computer ‘.’.’. —> System.InvalidOperationException:

    Cannot start service WinMgmt on computer ‘.’. —> System.ComponentModel.Win32Exception: An instance of the service is already

    — End of inner exception stack trace —
    at System.ServiceProcess.ServiceController.Start(String[] args)
    at Microsoft.Exchange.Management.Tasks.ManageSetupService.StartServiceWorker(ServiceController serviceController, String[]

    — End of inner exception stack trace —
    [10/04/2014 09:46:01.0365] [1] [ERROR] The following error was generated when “$error.Clear();
    if (Get-Service

    WinMgmt* | ?{$_.Name -eq ‘WinMgmt’})
    Set-Service WinMgmt -StartupType Automatic

    SetupService -ServiceName WinMgmt
    ” was run: “Service ‘WinMgmt’ failed to start due to error:’Cannot start

    service WinMgmt on computer ‘.’.’.”.
    [10/04/2014 09:46:01.0365] [1] [ERROR] Service ‘WinMgmt’ failed to start due to error:’Cannot start service WinMgmt on computer

    [10/04/2014 09:46:01.0365] [1] [ERROR] Cannot start service WinMgmt on computer ‘.’.
    [10/04/2014 09:46:01.0365] [1] [ERROR] An instance of the service is already running
    [10/04/2014 09:46:01.0365] [1] [ERROR-REFERENCE] Id=AllRolesMidFileCopyComponent___313d67c6aa0d4e6e9ea18be49c8b13ff

    [10/04/2014 09:46:01.0366] [1] Setup is stopping now because of one or more critical errors.
    [10/04/2014 09:46:01.0366] [1] Finished executing component tasks.
    [10/04/2014 09:46:01.0423] [1] Ending processing Start-MidFileCopy
    [10/04/2014 09:47:59.0668] [0] End of Setup

    It seems to say it cannot start WinMgmt service because its already started.

    Restarted the SP3 setup and it completed successfully.

    I thought I’d share this, and if anyone knows why I would be grateful.

  42. Ben

    After the sp is complete, am I able to safely delete the install files? The folder is about 1-1/2 gb.

  43. Ferit

    Thanks for the great post!

    I have updated my SBS 2011 Exchange Sp1 to Sp3 today without any Problems.

    have a great time!


  44. Don

    In the preparing schema section the command referenced is setup.exe /PrepareAD but it should be /PrepareAD

  45. gary

    i plan to apply this to our sp2 boxes (2x onsite and offsite).
    Both are on latest UR8.
    I assume SP3 will be fine?

    All roles on each box, one offline the other servicing live mailboxes.

  46. Shawn Burke

    If you want to see that an update rollup was applied by checking the revision number you can use the following
    EMS command: GCM exsetup |%{$_.Fileversioninfo} or use the HELP About. I noticed that the Server Configuration tab in EMC did not show the revision update after I applied RU5. (14.03.0181.006 )

  47. Chris K

    i have a question regarding updating to SP3 because of my site design. I have two sites (site A primary site and site B DR site) both with their own CAS servers and their own name spaced casarray. We also have multiple mailbox servers at both locations in a stretched DAG (Active/Passive site) This was done for site resillence and controlled failover.

    Do I need to update the CAS servers at both sites before i update the mailbox servers at either. Or could I do the CAS servers at site B then the mailbox servers at site B and then do the same process with the systems at site A. That way I could test the SP install in the environment without impacting the user community.

    1. Avatar photo
      Paul Cunningham

      Update CAS before MBX. Update the internet-facing CAS before other CAS.

  48. Rob H

    Hi Paul.

    We have a Single Server 2010 setup.

    I’ve previously updated to SPK3.

    I want to put the update rollups on – I did the first but when I use


    It still shows the SPK3 build – does this mean the Rollup didn’t work or is that what you’d expect.

    Thanks Rob

    1. Avatar photo
      Paul Cunningham

      Get-ExchangeServer doesn’t show an updated build number for RU installs.

      Note that you only need to install the latest RU for SP3, you don’t need to install each of them in order. Just the latest one is fine, because they are cumulative.

      1. Rob H

        So in short there’s no way to tell you’ve installed it?

        It doesn’t seem to show up in installed Programs or Updates.

        1. Avatar photo
          Paul Cunningham

          The update rollups do appear in the installed programs list if you click on “View installed updates”.

  49. Shawn Burke

    Thank you for your expertise and dedication Paul. I started this process with a bit of trepidation but your article and all the feedback has made the process less intimidating. Successfully upgraded our single server to SP3 and RU5. Thanks again for all your write ups!

    1. Vinod Rana

      We are planning to upgrade unified messaging exchange 2010 SP2 to SP3 and in existing environment we have already installed language pack.

      Please let me know if I can proceed or do I need to remove existing language pack?

  50. Mike C.


    I hope you are well. Perhaps the obvious is escaping me. I have a two member DAG that holds one database in the group. Am I still issuing a move command even though the database is active on one server and exists on the other server? How does it work if you only have 2 servers? Sorry if I am missing something you have already explained.

    Thanks so much for all of your work writing these articles up and following up.


    1. Mike C.

      I think I got it figured Paul.

      I was getting hung up on terminology. I activated the databases on the member of the DAG I was not updating and set the inactive member to not become active via Powershell. I applied to the update to the inactive member server and then made its DBs active after successful completion of the update. Then set the other server to be inactive on all DAG DBs and blocked from becoming active – via powershell. That update is running presently, all seems to be well so far although it is taking a good while on the Language. Thanks again for these write ups!

        1. Mike C.

          More or less in the end, yes. =) I had a mental hang up on the idea of “moving” something that was already there. I never use that wizard and usually make one server or the other active at the server level and not the DAG level if that makes sense. I’ve just been doing things differently and therefore seeing them differently. I always get nervous a bit anyhow – don’t tell anyone. Thanks for replying and all your hard work!

  51. Kap

    Hi Paul,

    I have a single forest and multi domain scenario and we are planning to upgrade our exchange org from SP2 RU6 to SP3 RU3. My exchange is hosted on my forest domain and all users are in the child domain. So on my DC that holds Schema master role I will run /pd so that it will upgrade my schema and prepare the domain. Having doubt that should I need to run /pad [/organizationname:]for all child domains or my forest root DC is enough

  52. Muhajer

    Hi Paul,

    First I would like to thank you for the great posts. I am a big fan.

    I am planning to install Exchange 2010 SP3 next week and after reading some of the comments on this post I got a little worried.

    Our current Exchange environment consists of the following:

    1 x CAS/HT Server
    2 x Mailbox Server (members of a DAG)

    The OS of the 3 servers is Windows Server 2008 R2 SP1. All servers are running Exchange 2010 SP1 Update Rollup 6.

    The Execution Policies on our Exchange servers are set as follows:
    – CAS/HT Server:
    Scope ExecutionPolicy
    —– —————
    MachinePolicy Undefined
    UserPolicy Undefined
    Process Undefined
    CurrentUser Undefined
    LocalMachine Unrestricted

    – Mailbox Servers:
    Scope ExecutionPolicy
    —– —————
    MachinePolicy Undefined
    UserPolicy Undefined
    Process Undefined
    CurrentUser Undefined
    LocalMachine RemoteSigned

    I would be very grateful if you (or any of the kind readers) could help me with following questions:

    1- Do I have to change the execution policy on our Exchange servers before installing SP3? If I have to change a policy, what should I change? And how would you recommend I should do this?

    2- After installing SP3 on a server, can I install the latest rollup update on this server before moving to the next server? For example, can I do the following:
    i. Install SP3 followed by RU 5 on the CAS/HT server -> Apply the our custom settings
    ii. Install SP3 followed by RU 5 on the first mailbox server
    iii. Install SP3 followed by RU 5 on the second mailbox server

    Many thanks,

    1. Muhajer

      Just a quick update.

      The upgrade from SP1 to SP3 was carried out successfully. It took ~1.5 hrs per server. I also installed UR 5 for SP3 (KB2917508) and this took ~1 hr per server.

      To summarise, our Powershell execution policies (listed above) did not affect the upgrade.


  53. Vino

    Planning to install rollup 5 for exchange 2010 sp3. Is there anything to be considered before installing rollup 5..

    1. Avatar photo
      Paul Cunningham

      Read the release notes, and read the EHLO blog post comments for any user reports of issues. That is usually what I do.

  54. Mike

    So in the middle of deploying SP3 to my CAS server, it is just hanging. It is at the Remove Exchange Files step, and has been for about 3 days now. Log file states:

    Removing MSI package with code ‘4934d1ea-be46-48b1-8847-f1af20e892c1’

    I am not seeing this anywhere on my server except in the C:WindowsInstaller directory. Now quite sure where to go from here as it is just stuck in this loop. Thoughts?

  55. stanley

    We applied exchange SP3 in our VM environment. It completes successfully, but when I open EMC I get the error

    The following error occured when retrieving user information for “domain admin”

    The operation could not be performed because “domain admin” was not found.

    Any recommendations?


  56. James Zay

    Hi Paul,

    First off, thank you so much for this wonderful article. It helped me a lot.
    A quick question. I upgraded my environment to SP3 RU5 from SP1 because the address book service on the CAS server kept stopping at random times during the day for no reason. Didn’t know where to start liking for logs.

    However after the upgrade, the service continues to stop randomly.

    Any suggestions on fixing this please?


  57. Paul Stroud

    Hi Paul,

    Thanks for a great article. I’ve applied service packs to E2K10 systems with DAGs before, but there is a lagged copy at my current employer. I now need to apply SP3 and update rollups to this system.

    Could you please tell me if there are any gotchas regarding updating a server which contains lagged copies of the databases (14 days of transaction logs)?



    1. Avatar photo
      Paul Cunningham

      Nothing special about lag servers. Just use the same steps as any other DAG member.

  58. Jan Larsen

    I still get the same error 🙁

    Do you have any idea on what else I can do?

  59. Jan Larsen

    I will try that and run the SP3 update later this evening…..


  60. Jan Larsen

    Great article!

    I’m not able to find the entry under Deleted Objects, is there another way to solve this problem?

    1. Avatar photo
      Paul Cunningham

      Tried simply recreating the group?

      All the RBAC stuff will not be right but at least the group will be present and that might be enough for Exchange setup to continue.

  61. Jan Larsen

    Hi Paul,

    I get the following error when trying to upgrade to SP3:

    [ERROR] Unexpected Error
    [ERROR] The well-known object entry B:32:B3DDC6BE2A3BE84B97EB2DCE9477E389:CN=Help DeskADEL:75e797a7-dc15-4b78-8363-87f1959c8996,CN=Deleted Objects,DC=XXXXXX,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXXXX,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.
    Ending processing initialize-ExchangeUniversalGroups

    The following 1 error(s) occurred during task execution:
    ErrorRecord: The well-known object entry B:32:B3DDC6BE2A3BE84B97EB2DCE9477E389:CN=Help DeskADEL:75e797a7-dc15-4b78-8363-87f1959c8996,CN=Deleted Objects,DC=XXXXXX,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXXXX,DC=local points to an invalid DN or a deleted object.
    Remove the entry, and then rerun the task.

    ErrorRecord: Microsoft.Exchange.Management.Tasks.InvalidWKObjectException: The well-known object entry B:32:B3DDC6BE2A3BE84B97EB2DCE9477E389:CN=Help DeskADEL:75e797a7-dc15-4b78-8363-87f1959c8996,CN=Deleted Objects,DC=XXXXXX,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXXXX,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.
    [ERROR] The following error was generated when “$error.Clear();
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

    ” was run: “The well-known object entry B:32:B3DDC6BE2A3BE84B97EB2DCE9477E389:CN=Help DeskADEL:75e797a7-dc15-4b78-8363-87f1959c8996,CN=Deleted Objects,DC=XXXXXX,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXXXX,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.”.
    [ERROR] The well-known object entry B:32:B3DDC6BE2A3BE84B97EB2DCE9477E389:CN=Help DeskADEL:75e797a7-dc15-4b78-8363-87f1959c8996,CN=Deleted Objects,DC=XXXXXX,DC=local on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXXXX,DC=local points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.
    [ERROR-REFERENCE] Id=443949901 Component=
    Setup is stopping now because of one or more critical errors.
    Finished executing component tasks.
    Ending processing Install-ExchangeOrganization

    Best regards

    1. Avatar photo
      Paul Cunningham

      There should be a “Help Desk” group in the “Microsoft Exchange Security Groups” OU. Have you previously moved or deleted that group?

      1. Jan Larsen

        Yes, I might have deleted the Help Desk group at one point 🙁

  62. buck2520

    When you run the setup.exe prepareAD, will that update the schema master first and then it will replicate out from there? reason that I ask is that my AD team is wanting me to take a backup of the schema master and thne stop replication from the schema master server. Run the prepare AD command, test, then enable replication again.

    1. Avatar photo
      Paul Cunningham

      /PrepareSchema will update the schema master first.

      Not sure about /PrepareAD.

  63. syed

    Hello Paul,

    Thank you very much for your fruitful help.

    Best Regards,

  64. syed

    Hi Paul,

    Can you give me comments at my last post.

    I have planned to upgrade exchange 2010 sp1 to sp3 at weekend. Please can you let me know few things.

    1. Our environment have exchange servers 2010 with OS windows server 2008 R2 (main exchange server sp1
    roles (CAS,HT,mailbox) and TMG exchange 2010 RTM (Edge transport).

    2. Should I upgrade scheme with command (setup.exe /PrepareAD) at one of our domain controller (single domain with multiple domain controllers forest functional level 2003) or i can upgrade scheme at exchange server.

    3. Our main exchange sp1 rollup 8 (CAS,HT,mailbox) and (version 14.1 build 218.15), it is ok.

    4. Should i stop Edge transport (TMG) services during upgrade of sp3 by using this command fscutility /disable
    and after installation of sp3 enable afterward by fscutility /enable.

    5. Should I unmounts mailbox databases during upgrade of sp3 at main exchange server.

    6. TMG is still have exchange RTM (Version 14.0 (Build 639.21), Should I need to upgrade TMG immediately with exchange sp3 or can Waite little (or I need to first TMG update Sp1 and then sp3 afterward).

    Best Regards,

    1. Avatar photo
      Paul Cunningham

      I’ve removed your duplicate comment. Please don’t post the same comment multiple times. If I haven’t answered the first one either I didn’t understand your question or I simply haven’t had time to answer it.

      1) Ok. That isn’t a question so I’m not sure what you want there.

      2) Either way, it is up to you.

      3) Again, not a question.

      4) I don’t know any special upgrade steps for Exchange installed on a TMG server, I recommend you check TechNet.

      5) No, the upgrade handles that automatically for you.

      6) Again, not sure about Exchange/TMG integration scenarios, I recommend you do some research on TechNet.

  65. Craig

    Paul, thank you for this and other posts. My question to you is this. We are planning on upgrading our Forest/Domain level to 2008 R2, with 2x 2008 R2 DC’s and 1x 2012 DC. I asked how this will effect our Exchange 2010 SP1 (Version 14.1 (Build 2.18.15) and was told that I need to have SP3 for Exchange installed. My questions are:
    1) Do I need to install this SP3?
    2) Can I install SP3 without installing any other pre-requisites?
    3) Should I go with a different SP, like SP2 UR5?

    Any additional help would be greatly appreciated.


    1. Avatar photo
      Paul Cunningham

      1) Yes, you should install Exchange 2010 SP3 and the latest update rollup after that

      2) I’m assuming you mean the extra pre-reqs that were introduced in SP2. When you upgrade the setup process can install the extra pre-req components automatically for you, eg setup /mode:upgrade /installwindowscomponents

      3) No

      1. Craig


        Thanks, but it seems that we will only be installing SP2 at the moment, but I just want to make sure that if we do this, I still have to install RU5 or RU6 afterwards, correct? Also, there is this script that I see that needs to be applied to the server: (Add-WindowsFeature Web-WMI,Web-Asp-Net,Web-ISAPI-Filter,Web-Client-Auth,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Http-Redirect,Web-Http-Tracing,Web-Request-Monitor,Web-Static-Content), but I think this just adds certain Windows components using the command line script. Thanks again for the advise.


  66. Jay

    We ran into some strange issues upgrading to Service Pack 3 with a Netapp filer using iSCSI and SnapDrive.

    1. Before starting the upgrade on CASHT (before the fscutility /disable) stop the FSCController in services for Forefront. This will stop the MSExchange Transport service. fscutility /disable will fail if you don’t.

    2. Kill any open powershell.exe processes and stop the SnapManager service for Netapp on the mailbox servers.

    The upgrade took between 9 minutes and 15 minutes on both CASHT and mailbox servers. However, after a successful upgrade we saw multiple issues after rebooting the mailbox servers. Upon the reboot of secondary mailbox server, while all DB’s were on the primary, the secondary (just upgraded server) caused the up and running databases to dismount on the primary in the DAG. Databases would not mount until the Cluster Service was restarted using the Cluster Failover Manager on the primary mailbox server. Both servers were then able to see the DAG and mount the databases.
    After I moved active database to the upgraded server, and then installed the service pack on the other mailbox server, the iSCSI service did not restart and the LUN’s didn’t show up. Restart iSCSI and the LUNS appear.

    After the upgrade, both servers rebooted multiple times on their own. After these reboots, make sure you check all services are running.

    1. Jay

      Forgot to add….
      Had to delete a registry key before the upgrade would run. You will see an error during pre-requisite check – “A pending reboot is necessary due to another installation” or words to that effect.

      Delete the HKLM->SYSTEM->CurrentControlSet0>Control->Session Manager->PENDINGFILERENAME Key.

      Then re-run the upgrade. This key existed on all CASHT and mailbox servers for us.

      Thanks for this site and everybody that contributed!

  67. Ram

    Hi Paul,

    Once again, thanks for the great resources you share with us to help out.

    I’m planning to upgrade my exchange environment from Exchange 2010 SP2 RU8 to SP3 this coming weekend. I’m running a hybrid set up with part of our users migrated to Office 365 and the rest still on-premises. Our Client Access Server (a VM) and our Mailbox/Hub Transport ( physical box) run Exchange 2010 SP2 RU8 while our Exchange Hybrid runs Exchange 2010 SP3. We have been experiencing a Free/Busy issue and got a recommendation from MS Tech Support to upgrade the two SP2 servers to SP3 to solve the issue. I went through the great HOWTO that you wrote about Installing Exchange 2010 SP3 but I would like to know if there is anything else that I should watch out for, given our deployment.

    Thanks in advance for your feedback!

  68. Imran

    Can you let us know which website you had find it.

  69. GV

    HI Paul,

    we have multidomain enviorment with 3 exchnage organazation. 2 of them with exchnage 2010 sp2 and 2003 coexistance. and 3rd has only exchange 2003, an we proceed with exch 2010 sp3 in this? does this will have any impact on other two exchage organization?

    1. Avatar photo
      Paul Cunningham

      There is only one Exchange organization per AD Forest so nothing you do in one organization should impact the other organizations.

      1. Gv

        Hi, apologies for incomplete information. I mean to say, we have 4 different administrative group under one exchange org. Root domain and 4 child domain. Each child domain has exchange server installed.

        1. Avatar photo
          Paul Cunningham

          In that case yes you can upgrade your Exchange 2010 to SP3 and co-existence with 2003 should still work fine.

  70. Imran

    Hello Paul,
    In our exchange environment, we have three exchange server 2007 sp3 (roles. CAS, HT and mail box), exchange 2010 (role, only mailbox ( it has no email user now)), main exchange 2010 sp1 (CAS, HT, mailboxes(it contain all mail boxes)) and one edge transport server all installed windows server 2008 R2 sp1.
    I am in process of migration from exchange 2007 sp3 to exchange 2010 sp1 (CAS, HT, mailboxes). I have move all mail boxes exchange 2010 sp1, and also move services (OWA. Microsoft active sync, outlook anywhere, OAB and certificate allocated services SMTP, POP3, IIS, IMAP). Should I need to do anything else.
    Soon I have plan to remove exchange 2007 sp3, and exchange 2010 server have mailbox role, but have no more email users.
    Second question, after installing the sp1 at our main exchange server (CAS, HT, and mailbox), our users at have problem at win xp os with outlook 2003 sp3, user are not able to share calendar other user (if I share 5 to 10 person calendar). In outlook gave error is no connection with exchange server. After migration of exchange 2010 sp1 some outlook user not able to connect outlook 2003 with exchange server 2010 sp1, but have no problem with outlook 2010. Sometime users have problem to see at attachment from outside emails, its automatically go to unwanted email.
    I have update exchange sp1, but I did no update sp1 to exchange edge transport server (TMG).
    1. It is good idea if upgrade our main exchange 2010 sp1 to direct exchange sp3.
    2. Do I need to first remove old exchange 2007 sp3 and old exchange 2010 (mailbox role).
    3. Do need to first update exchange sp1 to sp2 and afterward sp3.
    4. Future I have plan to install one exchange server for back our main exchange server with role (CAS, HT, Mailbox).
    5. If update our exchange server with sp3 do I need to update sp3 to edge transport server afterward.

    Looking forward to hear from you.

    Best regards,

    1. Avatar photo
      Paul Cunningham

      I’m a bit confused by all the info you’ve got there but I’ll try to answer.

      If you’ve got general questions about the process of migrating from 2007 -> 2010, including decommissioning of the 2007 servers, I’ve written an ebook that you may find helpful.

      For Outlook 2003 issues in Exchange 2010 migration scenarios refer to this guidance from Microsoft:

      For your other questions:
      1) Yes
      2) No
      3) No. You can upgrade directly to the latest service pack. You should also then consider upgrading to the latest update rollup for that service pack.
      4) OK
      5) Yes

      1. imran

        Hello Paul,

        Thank you very much for your help, I have tried that solution you have suggested to me for outlook 2003 problem share calendar with other users in exchange 2010 sp1. It is not really helping me. It is still having same problem.

        Problem in detail, this is at client side in outlook.

        Users have win xp os with outlook 2003 sp3, user are not able to share calendar other user (if they share 5 to 10 person calendar). In outlook gave error “the connection to the Microsoft Exchange server is unavailable. Outlook must be online or connection to complete this action”.

        Error at exchange side.

        MSExchange ADAccess. Even ID 2915
        Process Microsoft.Exchange.RpcClientAccess.Service.exe (PID=3716). User ‘Sid~exchange.comLS~RCA~false’ has gone over budget ‘126’ times for component ‘RCA’ within a one minute period. Info: ‘Policy:DefaultThrottlingPolicy_192467d3-1068-4a75-8dcc-532369ad2974, Parts:MaxConcurrency:125;’. Threshold value: ‘100’.

        I have no idea if this problem can solve in exchange Sp2.
        I have seen there was problem exchange sp2 with IIS not working afterword. It is still have problem or it is safe t upgrade. I have exchange with IIS 7.0/7.5
        I have just wait for sp3 of exchange because it need to first back of our TMG edge transport server.
        Looking forward to hear from you

        Best regards

  71. Lonny

    Nice article and having images always makes it nice for someone whose is not well versed in these fields.
    Couple quick questions as some of these issues have be a little weary.
    We are on a single site SBS 2011 Standard with built-in exchange 2010 and the patches are not up to date so no SP1 or 2 installed.

    -If I have exchange installed on a different drive then the OS (say “D”) will this cause any problems? I read through: you referenced in a response and it talks about Exchange not being in the default location and not sure if this would apply to my situation

    -Could you please point me to the correct procedure to perform the schema update steps that it appears have to be done following the install?

    Anything else you would recommend reading up on or being prepared for based on my config.

    1. Avatar photo
      Paul Cunningham

      Installing into a different path is fine. That article talks about server recovery not SP3 installation.

      SBS is often a different story to regular Exchange installs so you will need to look for SBS-specific guidance for handling the Exchange update, as there may be extra steps or considerations that I’m not aware of.

  72. Petar

    Hi Paul,

    I have Exchange 2010 SP2 (not with latest updates) and I plan to connect it to Edge Transport (with SP3 and with latest updates) which is located in DMZ.
    All necessary ports have been opened on TMG 2010 but there is always error: >EdgeSync service cannot connect to this subscription because of error “No EdgeSync credentials were found for Edge transport server NameOfServer.Something on the local Hub Transport server. Remove the Edge subscription and re-subscribe the Edge Transport server<. I tried removing subscription and adding it again but same error over and over again.
    Am I missing something or just doing something wrong?

    Thanks in advance!

  73. Shora


    Does installing SP2 or higher on Exchanage 2010 SP1 will cause loosing data and Exchange settings?


  74. NetRock


    I’m looking for Exchange 2010 installation source with integrated SP3 with it.
    I found an installation source with integrated SP1 but couldn’t find one with SP3.

    would you please provide a link to download it.



  75. Eiba Haddad

    Hello Paul,

    Thanks for your article.

    I have 3 internet facing sites ( 1 main , 2 DR ) with DC , CAS/HUB , MBX servers at each of them, I am planning to upgrade to SP3 starting with one DR site to get familiar with the issues that may arise during the upgrade.

    my plan is to start with the schema upgrade on the DC in the DR site ( secondary DR ) then the CAS, EDGE , and finally the MBX , I am planning to keep that site running for a while on SP3 before I continue upgrading the other two sites

    will the schema upgrade cause any issues if we kept the other two sites on SP2 for a while ( a week or two lets say) ?

  76. Kaiser

    Hello Paul,
    a great article and lots of great comments, I have a question may sound a bit daft but hey,
    I am planning on upgrading from Exchange 2007 to 2010, during my research I found out that exchange 2010 is supported on windows 2012 after Exchange sp3. now the problem is Exchange won’t install on 2012 (unless a few hacks are done to fool exchange) if we cannot install exchange on server 2012 how can we deploy sp3 so that it works. any point towards this direction will be much appreciated.


    1. Avatar photo
      Paul Cunningham

      Exchange 2010 SP3 will install on Windows Server 2012. So download the Exchange 2010 SP3 build and use that for your Exchange installation.

      Other than that I don’t understand your scenario.

      1. Kaiser

        if that is correct, that means Exchange 2010 SP3 is actually a full Exchange install. if so I should only install the sp3 (no need to install RTM version of Exchange 2010 first and then update to sp3) on windows 2012.

        1. Avatar photo
          Paul Cunningham

          Correct. The Exchange service packs are a complete build of the server.

  77. Amir

    Hi Paul,

    I am upgrading my 4 exchange2010 servers and it’s one error after another. Just to share my experience. I am not that experienced in exchange environment though.

    1. lots of these “Setup cannot continue with the upgrade because the ‘mmc’ () process (ID: 10696) has open files. Close the process and restart Setup.”

    I did :
    open powershell with “run as admin” and then type get-process and
    get-process which gave all processes
    then went for the quoted one
    get-process “mmc” and press Enter
    then simply Stop-Process
    and kept on doing it

    For the Error

    Some controls are’t valid . “Setup previously failed while performing the action “install. You can’t resume setup by performing the action “BuildToBuildUpgrade”.

    I did: went to google and then followed the majority

    FInd the registry key from “HKEY_LOCAL_MACHINESOFTWAREMicrosoftExchange Serverv14.0ClientAccessRole”. (or which ever role is geting this error)
    Delete the key “Action”

    For the Error

    The following error was generated when “$error.Clear();
    if ($RoleCreatePublicFolderDatabase)
    $publicDB = get-PublicFolderDatabase -Server:$RoleFqdnOrName -ErrorAction SilentlyContinue;
    $DB = get-MailboxDatabase -Server:$RoleFqdnOrName -ErrorAction SilentlyContinue;
    if ($publicDB -and $DB)
    set-mailboxdatabase `
    -Identity:$DB.Identity `
    -publicFolderDatabase:$publicDB.Identity `
    -DomainController $RoleDomainController
    ” was run: “Cannot bind argument to parameter ‘Identity’ because it is null.”.

    I Did :

    To resolve this issue, follow the steps:

    Open IIS Manager. Navigate to PowerShell and Powershell-proxy virtual directory.
    Delete both of them
    Goto ADSI and delete the PowerShell and Powershell-proxy virtual directory from there
    In ADSI, navigate to the virtual directory of the server with the issue.
    FInd the registry key from “HKEY_LOCAL_MACHINESOFTWAREMicrosoftExchange Serverv14.0ClientAccessRole”.
    Delete the keys Action and Watermark
    Restart IIS and Reinstall Exchange 2010 SP3

    For the Error

    Under Mailbox Server Role

    This Server Role Can’t be installed becuase the following roles aren’t current:AdminToolsRole

    I Did:

    Followed this.

    Still doing installation on the 2nd of the two DAG mailbox servers and the “powershell already exists” error came again tough I removed them from IIS and ADSIEDIT.

  78. Jonby

    Great article. The SP3 instructions is pretty straight forward. What really helped also was the article to the CAS Array and DAG. After completing the updates to SP3, we are just now noticing the issue with the Address book on the client end. In Outlook 2010 or 2013 at the bottom, clients are getting “All folders are up to date. Updating Address Book. Connected to: Microsoft Exchange”. It just stays that way. If we try to manually download the Address book, we get an error:

    Task ‘Microsoft Exchange’ reported error (0x8004010F) : ‘The operation failed. An object cannot be found.’

    Note most of our client’s Outlook setting is set to Cache Exchange Mode. Looking in the client’s local folder for the Offline Address Books: C:Users\AppDataLocalMicrosoftOutlookOffline Address Booksxxxxxxxx last modified date was when we did the SP3 Update on the CAS server. So it looks like on the client’s side, its not able to find the updated Address Book. If we setup Outlook to Online Mode, we see the update Address Book right away.

    So looking on the Exchange end, I can see that the OAB.xml file is up to date on both the Mailbox and CAS servers. In this directory: Program FilesMicrosoftExchange ServerV14ClientAccessOABxxxxx folder.

    Our setup is 2 CAS server in a CAS Array. 2 mailbox server in a DAG.

    I’m at loss where troubleshoot next. I’m wondering if anyone else came across the same issue I’m dealing with?

    1. Avatar photo
      Paul Cunningham

      Move the OAB generation to a different mailbox server. Also double-check the OAB publishing is set to one or more valid CAS. Look for file distribution service (FDS) errors, or if the FDS is stopped. Check the OAB virtual directory is still valid, and whether the SSL requirement for the default website has been flipped on by the SP3 update.

      1. Jonby

        Thank you, thank you, thank you sir. The problem was with the OAB virtual directory for SSL was enabled. I unchecked that box, ran IISRESET, and we are able to download the Address Book with no issues now. Thanks again.

  79. Adam


    Thanks for the article. I followed your instructions and installed SP3 with only one issue… that I wouldn’t expect your article to cover, but may help someone in our situation.

    The only issue we ran into was that our Hardware load balancer was handling SSL offloading. Any Exchange Service pack, SP3 included, resets the SSL security in IIS so that our LBs started to get a 403 Forbidden error. And as a result, external OWA and Activesync broke.

    We had to follow the steps in the following MS article:

    Once we reset the SSL Settings on IIS, we were back in action.

  80. Chuck

    FYI for anyone running in a locked down environment.

    Upgrading from SP2 to SP3. Got an error when upgrading one of the CAS HUB servers. The error was that it couldn’t start the MSExchangeFBA service because it was disabled. Well in our environment we are required to have that service disabled. Unfortunately the Readiness checks didn’t catch it and the installer refused to continue. The fix is to set the service to auto and start it before applying SP3. Then you can disable the service and verify that OWA still works using integrated authentication.

  81. Robert

    Hi Paul thanks for the info! just a quick question, I’m still a noob regarding exchange server 2010 so please bear with me.

    I’ve read Kimmos comment that he upgrade from exchange 2010 RTM to SP3. I was planning to do the same. I just want to ask, what are the consequences of doing it? Do I loose some configuration or emails? Thanks!

  82. Kim Kovacs

    Hey Paul – Quick question: Do you know if I can put a new Exchange 2010 CAS server in my CAS array if the new server is running on Windows 2012 & the others are on Windows 2008 R2? Looks like it’s working & it’s available to outside clients, but my Outlook 2010 internal clients can’t see it. They can ping the array name, everything looks like it’s configured properly, so I’m wondering if I’ve run into an OS difference again?

  83. Robert Kruk

    Thanks Paul! running through this now. crossing fingers it goes through smoothly.

  84. Jared Woodruff

    Great read as always Paul.

  85. Arshi

    I have Win 7 Ent workstation. which have Exchange Management console 2010 SP1 installed (14.01.0218.013)
    Recently, my senior upgraded Exchange server 2010 SP1 to SP3.
    Since then EMC is not working on my worstation. I downloaded “Microsoft Exchange Server 2010 Service Pack3”
    when I ran the installation I came across this error (which I am copying AS IS)
    Preparing Setup

    Elapsed Time: 00:00:00

    Stopping Services

    The following error was generated when “$error.Clear();
    & $RoleBinPathServiceControl.ps1 -Operation:DisableServices -Roles:($RoleRoles.Replace(‘Role’,”).Split(‘,’)) -SetupScriptsDirectory:$RoleBinPath;
    & $RoleBinPathServiceControl.ps1 Stop $RoleRoles.Replace(‘Role’,”).Split(‘,’)
    ” was run: “Service ‘tmlisten’ failed to stop due to error:’Cannot stop tmlisten service on computer ‘.’.’.”.

    Service ‘tmlisten’ failed to stop due to error:’Cannot stop tmlisten service on computer ‘.’.’.

    Cannot stop tmlisten service on computer ‘.’.

    The requested control is not valid for this service
    Click here for help…

    Elapsed Time: 00:00:00

    I disabled Anti virus service but did not work.

    your help much appreciated, I only need to upgrade Management tool on Win 7 workstation (and not the entire exchange server role)

  86. Kiran

    Would like to know if Windows update service be started in Exchange servers?

    What kind of patches and updates are covered during this service?

    1. Vishal Kayangude

      Hi Kiran,

      This is a totally new deployment.

  87. Vishal Kayangude

    Do I need to fier “Prepare AD” and “Prepare Schema” command for all my multiple server when deploying Wxchange 2010/2013. Or this can be done on first server where we are going start.
    Currently I am planing to have 2MBX and 2CAS, let me know where I need to put above command on all server or not?

  88. Angel Castillo

    I’m testing out a Windows 8 Pro workstation and found that EMC 2010 isn’t supported but now that SP3 is out it is. So my question is…can I install EMC 2010 SP3 (Tools Only) on my Windows 8 workstation and still manage my Exchange Server 2010 that’s still on SP2?

    1. Server System Engineer

      No, You don’t need to.
      if it is just the management console, it will work just fine.

  89. Sukhdev

    Hi Paul, We have 2 servers and all the roles installed on both servers, We have created DAG for mailbox and DNS round robin for CAS Array. Could you please suggest the best way to upgrade Exchange 2010 SP2 to Exchange SP3.


  90. Andrew Sedden

    Time for Exchange updates to SP3.
    Number One: I have an old server running Windows 2008 R2. It is the only DC in a domain and has Exchange 2010 installed. It is retired from use so good to test things on. I ran the SP3 setup and it worked perfectly smoothly.

    Number Two: I then moved to the company production Exchange Server: virtualised, not a DC nothing but Exchange installed. It worked perfectly 🙂

    Number Three: A client server same as the retired server – Win 2k8 r2 plus Exchange SP1. Done two now so this should be easy. It failed when uninstalling the original exchange – couldn’t find the source files no matter how many times I gave it the correct location.

    If run SP3 setup it now gets to “Remove Exchange Files” and stops with the message message “Couldn’t remove product with code 4934d1ea-be46-48b1-8847-f1af20e892c1. Fatal error during installation. Error code is 1603.”

    When I run setup /m:RecoverServer /t: “D:Program FilesMicrosoft Exchange” from the SP3 setup folder setup fails with the message “Couldn’t remove product with code 4934d1ea-be46-48b1-8847-f1af20e892c1. Fatal error during installation. Error code is 1603.” (Same as above)

    I’ve noticed that the WMI service gets stopped.

    I read all the way through this thread and found nothing that works.

    HELP !! (please)

    1. Super000

      Did you ever figure this issue out? I have the EXACT same issue. I cannot figure this out. Any help would be appreciated.

    2. Ricardo

      I have the same problem “couldn’t remove product with code 4934d1ea-be46-48b1-8847-f1af20e892c1”. Did you repair it.

      Thanks for your help

  91. Rick

    Installed Rollup Update 2 for Exchange 2010 SP3 last week. Went well and had no issues and no further issues reported by users for 3 business days. I did have installed SP3 with the interim hotfix provided by Microsoft for the delete issue (I never did install UR1 since I heard about the email disclaimer issue). I had to uninstall that hotfix and it prompted for the SP3 installation location. I had deleted it previously so had to unpack it again and then continue halfway through the uninstall. The UR2 took a long time to install but no errors. I already did have the SP3 unpacked and deleted it again afterwards. The following day, did it on a SBS 2011 install (no hotfix) and it prompted for the SP3 location too. So if you do this, have your SP3 installation source available as it appears it might prompt for that location or use by default where it got it last time.

    Good luck but seems like a solid update.

  92. larry

    outlook stops finding the 2010 exchange server , asks for credentials , will only connect after dns flush , this started after sp3 install on exchange 2010, 2 domains, 2007 server still active on second domain, migrations in progress , this has happened after every sp install on 2010 exchange server , is it the client ?

    1. AM

      Hi Paul,

      Do you have any validatation/testing items after the SP3 upgrade?

      1. AM

        Do you have any validatation/testing items after the SP3 upgrade on a CAS server?

  93. Neil


    Do I need to install the hotfixes you got warnings on durring the readiness checks?


  94. Lukas KUcera

    One comment concerning Schema update: you don’t need to perform it from 64-bit domain controller, just from 64-bit member server that is in same site as schema master and have AD management features installed

  95. Jen


    You list the order of upgrade as

    Upgrade your servers in the following order:

    1. Client Access servers (beginning with the internet-facing site)
    2. Hub Transport and Edge Transport servers
    3. Mailbox servers
    4. Unified Messaging servers

    Technet lists it as UM then Mailbox?

    1. Client Access servers (beginning with the internet-facing site)
    2. Hub Transport and Edge Transport servers
    3. Unified Messaging servers
    4. Mailbox servers

    I’ve read elsewhere they’re upgraded alphabetically which coincides with your order of upgrades, just curious if it makes a difference with UM -> MB or MB -> UM

    1. Avatar photo
      Paul Cunningham

      TechNet’s guidance may have changed since I first learned this process. I would follow TechNet’s advice as it tends to be accurate. But I’ve never run into a problem doing it my way.

  96. Sam

    Hi Paul,

    I always go through ur article which helps me lot for solving the issue and provide recommend guidelines.

    I would like to know which site is recommend to upgrade first exchange 2010 sp3 internet facing or non internet facing and why.


      1. Ed

        When I try to run the update the existing Exchange installation is not seen. What am I doing wrong?

  97. Mieffel

    Yesterday I did the SP3 upgrade in our Exchange environment, 3 cas/hub servers, 3 mailbox servers.
    CAS/HUB servers took an average of 45 / 50 minutes, Mailbox servers took around 10/15 min.

    Update was done from SP1 rollup 6 to SP3.

    Allthough it was mentioned that there was no schema update involved coming from SP1 was in our case a schema update involved, during setup an error popped up notifying about insufficient rights to perform a schema update.

    At the CAS/HUBS I received an error that the ‘IIS 6 WMI Compatibility’ component is required.
    Note: This was a prerequisite for SP2, Install the component via Server Manager.
    (this wil save you a lot of time, you receive the error almost at the end of the update)

    Also an advice to stop the Microsoft Antimalware Service.

  98. David G.

    I’m confused.. according to KB you install like:

    1. CAS
    2. HUB
    3. UM
    4. MB
    5. ET

    However, I have 2 locations like this:



    So I get that I update LA-CAS-* first, but then where do I go because CAS in NYC is shared with MB role?

    1. David G.

      1. LA-CAS-*
      2. LA-HT-*
      3. LA-MB-*
      4. NYC-CAS-MB-1
      5. NYC-MB-HT-1

    2. Avatar photo
      Paul Cunningham

      Update the server that has the CAS role first. If that server happens to be multi-role it doesn’t really matter.

  99. Victor

    Hi, frist thanks for this great tutorial, before to update to Sp3 i was redirecting to HTTP without no problem but after update appears to exchange reset to default config. so i’m triying to do this again redirecting to and appears in IE “There is a problem with the security certificate for this site” and i dont want to use a certificate, i have in IIS unchecked “Requiere SSL”, in web.config requireSSL=”false” and changed evirything HTTPS to HTTP as other post sais whta else need to do.

    And other thing if i want to delete a recibed email an error occurs “unexpected error could not process the request” this happens because i dont do this procedure


    1. Avatar photo
      Paul Cunningham

      Trying to run Exchange 2010 without the right SSL certificate is not recommended. An SSL cert is only a few hundred dollars from Digicert.

      You’re getting that error in OWA when deleting emails because your SSL config has been all messed up by you trying to run on HTTP.

      Seriously, just buy an SSL certificate and save yourself all this trouble.

  100. Martin

    Has anyone been getting ‘Outlook is trying to retrieve data’ bubble since upgrading to SP3?

  101. Madhavraj

    update Domain controller to 64 bit and update schema…

  102. Lean Sanchez

    Paul, my Exchange 2010 is located in a child domain…. I have no 64 bit Domain controller on my parent domain. I need to update the schema. What is the quickest way to get this done?


    1. Si

      You can install a 64bit member server in the root domain. It doesnt have to be a DC.

  103. Darryl Brambilla

    Hi Paul,

    Interesting article and thanks for this and your responses. I’m hoping you can help as I have a somewhat unique situation.

    I am currently performing a migration from SBS2003 to Windows Server 2012 with Exchange 2010 installed and have a guide that has worked in the past, but the difference is it went to Windows 2008 R2 instead and Exchange 2010.

    The upgrade has worked for the most part so far however I am experiencing a problem with Exchange 2010 OWA in particular. I performed the SP3 upgrade, and the SP3 Roll Up recently released but it has not fixed my problems. The issue I am having is:

    When a user goes into OWA they can send / receive email fine and perform most operations normally. However, when they go into the Options section and click on Organize Email, Groups, or Phone they get an error that says “Sorry! We’re having trouble processing your request right now. Please try again in a few minutes.”

    All references I have looked at to date seem to point to authentication problems with OWA and ECP virtual directories or IIS settings however I cannot see a problem with my configuration and the settings look as they should be.

    I’d appreciate any guidance you could give me on this.

    Best regards,

  104. Joergen

    Hello all, I succeded in installing SP3, hower the SP3 Update Rollup 1 will not install.

    after saying “stopping Services” it immidiatly goes into “rollback action” , no errors show – nothing written to setup log.
    Any Ideas?

  105. Richrd Hubbard

    I am about to update to Exchange 2010 SP3. When Exchange was first installed, I mistakenly installed .NET Framework 4 (reading from Exhcange 2013 preparation instructions). Now, I am boxed in, with .NET Framework 4, I cannot run any rollups and if I uninstall .NET Framework 4, I cannot run the 2010 EMC, either from the server or remotely. I was able to install SP2, but no rollups since. I’ll know in a couple of days if SP3 will install. Will SP3 fix the issue of rollups/version4 incompatibility?

    1. Avatar photo
      Paul Cunningham

      My Exchange 2010 servers are running SP3 and have .NET 4 installed.

      1. Joergen

        I have found this 2013 article also and the fix works also for 2010 SP3 – it seems someone have tried to clean up after public folders was removed.

  106. Joergen

    HI, I got the following error when updating the AD – any ideas why?

    Organization Preparation

    The following error was generated when “$error.Clear();
    install-AdministrativeGroup -DomainController $RoleDomainController

    ” was run: “Active Directory operation failed on AALS20.neas.local. The object ‘CN=Folder Hierarchies,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Nordjysk Elhandel,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=neas,DC=local’ already exists.”.

    Active Directory operation failed on AALS20.neas.local. The object ‘CN=Folder Hierarchies,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Nordjysk Elhandel,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=neas,DC=local’ already exists.

    The object exists.
    Click here for help…

  107. Joe

    Hi Guys,

    this article is great! so are you saying there is no AD schema for Exchange 2010 from SP1 to SP3?

    so there is no need to run schemaprep and prepareall domains again?

    I was going to run this a few days before my upgrade to make sure replication occurs successfully but this is not necessary anymore?

    I have scheduled a 10 hour outage in about 1.5 weeks to upgrade my 4 Datbase servers, 2 CAS and 2 HT servers. Hoping this is enough time.

      1. Avatar photo
        Paul Cunningham

        SP3 includes a schema update. You need to either manually run it following the normal schema update steps (which you seem to be familiar with already). If you have multiple domains in your forest then yes you need to run /preparealldomains or prepare each domain individually. If you have one domain then /PrepareAD is easier.

        Running the schema update on the Schema Master is one way to do it. You can also run it from the Exchange server as long as it is in the same domain and AD site as the Schema Master.

  108. Mahesh

    • Yesterday I have upgraded Exchange 2010 service pack 3 for my customer successfully.
    Prior to update I had searched MS online documentation and numerous blogs and posts for Exchange Service Pack upgrade so as to avoid or minimize failures.
    Based on my experience and findings, it is not painless activity but we can try as much as possible to make it painless by implementing proper prerequisites and proper plan. Just thought to share all those prerequisites and planning we had might help to Exchange Administrators.
    • Precautionary Measures Prior to Deploy Exchange 2010 Service Packs 3:
    o Important and appropriate latest Windows Server patches must be deployed.
    Do not update KB2506143 (Not supported for exchange 2007 & 2010 and might create issue)
    o Exchange BPA needs to be run and address any critical issue reported by him.
    o Checksearch MS online KB articles for known issues with Rollup update Service packs.
    For Ex. in case of Exchange 2010 SP2 RU6 and SP3
    o Download ExPerfWiz.ps1 from and Execute Performance data collection Script for Exchange 2010 server to identify any performance bottle necks related to Memory, Disk Sub System etc. You can get more info about command syntax from above site.
    o If you are upgrading from RU to newer RU or newer Service Pack, check if Previous RU setup (.msp .msi) files must be resided in %Systemroot%Installer folder or upgrade will fail. Check article.
    o Ensure that account to be used must be domain account. Account must be member of Exchange Organization Management and must be local administrator on exchange server. If the same account is used to update AD schema, then it also must be member of Domain Admins, Schema Admins and Enterprise Admins Group Membership.
    o Service Pack Rollup update sequence must be as below.
     CAS
     HUB
     UM if you have
     MBX
     Edge Transport

    • Activities to be done on Exchange Server to be upgraded prior to Deploy Service Pack:
    o Ensure that you have Latest AD and Exchange Server System State Backup with all Mailbox Databases full backup
    o If you prepared AD schema manually, then force replication to all domain controllers in forest.
    o Uninstall Remove any Interim Updates (IU) provided by Microsoft to address specific issues as Service Packs are cumulative and contains all fixes since last service pack.
    o Microsoft has published 2 articles related to PowerShell Execution Policy as below. – Correct One – Don’t understand why MS published this confusing article.
    First one is the correct and set your exchange server powershellexecutipolicy accordingly.
    o Check Exchange Server IPv6 status in network card properties and enable it if not enabled already.
    o Disable certificate Revocation Check on Exchange Servers. Check below link.
    o Stop and Disable Antivirus Software services completely.
    o Stop and Disable Backup Software Services Completely.
    o Stop and Disable SCOM services if any. Also on SCOM server put Exchange Server in Maintenance Mode.
    o Stop and Disable SCCM agent services if any.
    o Stop and Disable any 3rd party software processes / services.
    o In case of Hub Transport Server, disable windows Firewall for all profiles but Firewall service must be running. Remove server from NLB. Also remove server from Send Connectors.
    o In case of Mailbox Server, Firewall must be enabled and running. To avoid any disruption, add a custom inbound and outbound firewall rules which allows all programs and allports through all firewall profiles. Check below Link.
    Also put server in Maintenance Mode with scripts provided by Microsoft or as guided in below link.
    o Make sure that File Share Witness (FSW) is online if it is other than HUB Transport Server.
    o Copy Exchange Service pack Binaries in compressed format on Exchange Servers and Extract it with some extraction software to avoid file alteration during transit or copy process.
    o Lastly reboot server to be upgraded and then start Exchange setup from extracted dump.
    o You must run Setup with “elevated Command Prompt” or “Run as Administrator”.

    After obeying above Hugh checklist I got success to deploy Exchange 2010 Service Pack3 over SP1 in production environment without ant failure.
    Good Luck

    1. Misha

      Thanks Paul for this great article, it’ll be really helpful when i’m gonna upgrade our Exchange 2010 servers next week.

      Thanks Mahesh for the additional tips.

      Has anyone an idea about how long the upgrade of the databases would take ?
      5 Databases each around 180GB.

      Regards Misha

  109. Jack

    For a multirole environment what is your thought on applying SP3? Does the same process in this blog still apply?

    multi-role servers (M/C/H)
    2 DC’s


    1. Avatar photo
      Paul Cunningham

      Yes. Start with internet-facing servers first, and combine the CAS Array/DAG preparation and steps together for the multi-role servers.

  110. Brenton

    I have been told from PS people that the database schema upgrade only occurs if you are upgrading directly from Exchange 2010 RTM.

    Hi Brenton,

    I have confirmed with product group that there was no schema update in SP2 or SP3. SP1 was the last one. The release notes mentions it because someone could go from RTM directly to SP3 and they would see the upgrade happen when the DB is mounted.

    Best Regards,

    1. Avatar photo
      Paul Cunningham

      Correct. Unfortunately the initial version of the release notes was quite vague about that. Glad to see it got updated.

      “If you’re upgrading the Mailbox server from the release to manufacturing (RTM) version of Exchange 2010 to Exchange 2010 SP3, the database upgrade process could take an additional 30 minutes or longer per database. You can track the progress of the database upgrade process by examining event 1185 in the Application event log on the server you’re upgrading.

      If you’re upgrading from Exchange 2010 SP2 or SP1 to Exchange 2010 SP3, the upgrade process takes less time. You also won’t see any 1185 events in the event log.”

  111. John P

    I have a question to all that have upgraded to Exchange 2010 SP3.. What are you using to backup your DAG’s, I use Backupexec 2010 R3 and apparently Exchange 2010 SP3 is not supported yet?

  112. Mahesh

    Dear All,
    I am close to Exchange 2010 SP1 to SP3 upgrade.
    Have few confusions.Please help me to clear the confusions prior to start.
    I am confused with and
    On my Exchange servers all powershell execution policies are undefined except “LocalMachine” set to “RemoteSigned”.
    Which KB article should I follow as I have Exchange 2010 SP1.
    Also if upgrade fails, what will be the workaround ?
    Do I need to use RecoverServer Switch OR any twik is there to restart SP3 installation ?
    Thanks in Advance..


  113. Sasha Odarchuk

    Hi all!
    i have E2010 RTM, 2 domains (domain.local and comp.domain.local) and 2 servers:
    -CAS/HUB in domain.local
    – MB in comp.domain.local
    all users are in comp.domain.local

    All domains and forest level = 2003!

    What is step-by-step upgrade for my Exchange??

    1. Avatar photo
      Paul Cunningham

      The step by step process is explained in the article. Is there something specific you’re not sure about?

      1. Sasha Odarchuk

        Paul, what about
        setup /PrepareSchema
        setup /PrepareDomain
        setup /PrepareAllDomains

        i need run this command if i have forest with 2 domains ???

        1. Avatar photo
          Paul Cunningham

          You can use /PrepareAD for the forest root (which automatically does /prepareschema and /preparedomain for the local domain).

          Then you can use /preparedomain or /preparealldomains for any additional domains in your forest.

  114. Robert Veiksaar


    First I must say that this guide is excellent and it is perfect to follow in our attempts to upgrade 4 CAS- and HUB servers an then 4 mailboxservers.

    I first did a /prepareAD and then setup /m:upgrade /Hosting because we have a hosted exchange with about 100 customer sites.

    The problem we encounter when trying to upgrade the CAS/HUB servers, version 14.02.0247.005, was that it failed in the end of HUB transport role upgrade with the following error.

    Configuring Microsoft Exchange Server

    Language Files COMPLETED
    Restoring Services COMPLETED
    Languages COMPLETED
    Hub Transport Server Role FAILED
    The following error was generated when “$error.Clear();
    if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )
    Update-RmsSharedIdentity -ServerName $RoleNetBIOSName
    ” was run: “Object ‘servage.local/Users/FederatedEmail.4c1f4d8b-8179-414
    8-93bf-00a95fa1e042’ in organization : the linked object of property ‘RMSCompute
    rAccounts’ is ‘servage.local/Microsoft Exchange Hosted Organizations/Servage/com
    puters/CAS04’, which doesn’t exist in the same organization with the object. Pro
    perty Name: RMSComputerAccounts”.

    After searching for info on Google the tip was to delete this user with ADSI edit and rerun the upgrade and it would succeed. The user could be added after the upgrade job was finished. But when I did a rerun it failed at on the same spot but with a different errormessage.

    The Exchange Server setup operation didn’t complete. More details can be found
    in ExchangeSetup.log located in the :ExchangeSetupLogs folder.

    Exchange Server setup encountered an error.

    Configuring Microsoft Exchange Server

    Language Files COMPLETED
    Restoring Services COMPLETED
    Languages COMPLETED
    Hub Transport Server Role FAILED
    The following error was generated when “$error.Clear();
    if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )
    Update-RmsSharedIdentity -ServerName $RoleNetBIOSName
    ” was run: “RMS Shared Identity user FederatedEmail.4c1f4d8b-8179-4148-9
    3bf-00a95fa1e042 not found.”.

    The Exchange Server setup operation didn’t complete. More details can be found
    in ExchangeSetup.log located in the :ExchangeSetupLogs folder.

    Exchange Server setup encountered an error.

    I’m stuck in a loop here, because if I add the user manualy or make a prepareAD (user could be corrupt) again it fails again, so any help would be appreciated.

    1. Victor

      Hello I am running into the same issue, “Update-RmsSharedIdentity -ServerName $RoleNetBIOSName”
      Were you able to resolve this issue


  115. CMRamos

    Stopping services failed after 20 minutes on WinMgmt service stuck in Stopping state. Used Process Explorer to identify the PID and manually killed the process ID overall. Reran Setup and it breezed through Stopping Services and into the meat of the SP3 Upgrade. 3 hours in on first Mailbox Server and making Progress at last!

    1. CMRamos

      Finished at last 3.5 hours later!!! Hopefully the remaining 3 mailbox servers go a bit smoother.

      1. CMRamos

        Ok, after 24 hours into a 42 hour Maintenance Window in which 12 of 16 Exchange 2010 Servers were brought up to SP3 from SP2 RU4v2 in 6 hours, and its taken me a little more than 12 hours to do the Mailbox Server, I am DONE! Here is a wrap up on lessons learned, and I apologize in advance for the haphazard writing and grammer…

        On Mail Server 1, we didn’t run into any issue with the Discovery Search Mailbox, but it cropped up on Server 2.

        There were two solutions out there for this issue related to E2010 RTM and SP1, but nothing I could find related to SP3:
        1) Manually Disable/Enable/Permission the DiscoverySearchMailbox, or
        2) Delete the DiscoverySearchMailbox altogether and recreate it again later.
        We used Option 1 to complete Server 2 successfully, but the same issue cropped up yet again when we moved onto Server 3, so we exercised Option 2, deleting the DiscoverySearchMailbox altogether. My recommendation should you run into this error (which requires a Reboot before you can Retry again) just Deleting the mailbox and recreate afterward. That said here are the steps we took.

        Open Exchange Powershell to run: StartDAGserverMaintenance.ps1
        Disable TrendMicro Services
        Disable SMEX Services
        Disable WinMgmt Service
        Reboot the Server
        When the server comes back online, Enable and Start WinMgmt Service. *
        * Not sure why, but SP3 has a lot of trouble Stopping all the WinMgmt associated PID’s during the Upgrade Phase, which causes the Stopped Services to take a long time only to timeout after 20 minutes. Restarting the Server with this service Disabled prevents a number of the WinMgmt subsystems from starting, thus is no longer a problem during the Upgrade phase.

        Have PSTOOLS from SysInternals installed to use PSKILL in an Administrative Command Prompt. During the Readiness Check phase of the installation, it may stop because a service is running that it was not programmed to stop itself. Use PSKILL to kill the service(s).
        Using Setup GUI, run as Administrator
        Steps are fairly straight forward as outline in the article above, and they were just like that when we installed in our Lab for Testing. However, like I noted previous, things go wonky between Lab and Production implementation.
        What goes on under the hood, SP3 Installation seems to have little resiliency for processes that take a little longer than usual to Stop or for Stopping (Even if with a Prompt to Confirm to Kill/End) a Process its unfamiliar with leading to A LOT of frustration and wasted time.
        During the Readiness Check at least there is a Retry option when some process is found running that SP3 is unfamiliar with under the *Role Prerequisites section, and there will be thus the PSKILL at the ready.
        During the Upgrade/Progress there is no Retry option, and ANY failure detected requires you to start the Upgrade all over again, and in some case Reboot before Retrying like in the DiscoverySearchMailbox issue noted above.

        The most critical of stages in the Upgrade Phase to watch are the Stopping Services and *Role Upgrade stages. Unfortunately on two of my servers, Exchange services were slower to stop causing the GUI to timed out and restart the SP3 installation to proceed. This is also where we ran into the WinMgmt timing out after 20 minutes. Rather annoying.

        When one server is complete, enable the Disabled Services above and Reboot.
        Check Server and Service Health before running StopDAGserverMaintenance.ps1
        Move onto the next server and repeat as above.
        After your last server is done, Rebalance and Call it a Day… Have a good Single-Malt calling my name. 🙂

        No matter how easy your CAS, HUB and Edge servers are, the Mailbox servers are going to take 2-3x longer because of this fiasco. Pad your Change Window with some extra time – just in case.

        Unfortunately for me, I didn’t encounter any of these nuances in the Lab prior to Production Implementation; otherwise, I would have documented and prepared accordingly to make Production as smooth as can be.

        Fortunately for you, I took the time to summarize my Production Implementation headaches and findings to hopefully save another poor soul some aggravation. Staying this current is the price we pay for being on the bleeding edge.

        1. Avatar photo
          Paul Cunningham

          “Disable TrendMicro Services
          Disable SMEX Services”

          I’ve had a similar experience with SMEX and Exclaimer services.

          Thanks for sharing your experience with the upgrade 🙂

        2. CMRamos

          Ok, there was a bit of unforeseen fallout that we have attributed to SP3 installation that I would like to share.

          If you are still using OWA, SP3 appears to Change, Disable or Reset the Forms Authentication requiring it to be reconfigured in a specific way. Reference Article for configuration of Exchange-related Virtual Directories:

          Be sure to thoroughly test OWA access after installing SP3 and verify Forms Authentication if applicable to your environment. The strangest part of our testing was that some OWA users worked while many others did not, and since this is a Global setting that should effect all OWA users, I can only surmise that the “working” client had a Cached page, credential or certificate that would have eventually expired leading to the same issue.

  116. CMRamos

    Great summary, but as the Comments have outlined its not as straight forward as it should be.

    I’m actually in flight with my rollout of E2010 SP3 as I write this… We have no multi-role servers so our install order is 7 CAS, 2 HUB, 3 Edge, and 4 Mailbox servers last. We’ve had SP3 installed and tested in our Lab for over a month now without issue, so I would support your 20-30 min estimate. Unfortunately that time does not account for Production User Load and Traffic, not to mention Lab database sizes are significantly smaller typically.

    That said, from Midnight until 5am the CAS, HUB and Edge were completed successfully. I’d estimate them at 45-60 minutes each server. Caught a few winks before starting on the Mailbox servers at 9am this morning, and that’s where my headaches started.

    After the 3 Retry on the Setup’s Readiness Checks in little less than 2 hours, I’m in the process of Rebooting the server entirely to start with a clean slate. This is only the first of 4 Mailbox servers on a DAG with 20 databases. Fortunately for the DAG configuration, availability is not an issue right now so I don’t have 10000 users breathing down my neck right now. I anticipated possible complications, so I gave myself a significant 36 hour change window. Did not expect 2+ hours on one mailbox server after the CAS, HUB and Edge servers went relatively smooth. Hopefully this is an isolated problem child with this server, and not indicative of the remaining rollout on the mail servers.

    Will post updates and anything I discover…

    1. CMRamos

      After the reboot, it didn’t take the 4th try to fail Readiness Checks to PSKILL two background services that were running. Once those processes were killed the Readiness breezed right through this time, and not onto the actual Upgrade. Now into the next problem area of “Stopping Services”…

  117. Hafeez

    Excellent Work Paul,

    I am planning to upgrade Ex 2007 (RTM) single server to Exchange 2010 single server with latest updates. Kindly help me with your expert advise. We have Ex 2010 SP1 STD license.

    My plan is as below:

    1) Upgrade existing Ex 2007 to Ex 2007 SP2 to support co-existence.
    2) Install Ex 2010 server and then follow the migration steps.


    1) If i use Ex 2010 SP2 setup to Install, will it support Ex 2010 SP1 product key which we have, or I shall install only Ex 2010 SP1 and then install UR 8 for Exchange 2010 SP 1 (KB2787763)

    2) As mentioned in the comments above. it is not recommended to use Ex2010 SP3 as it not proven yet..
    Can i use Ex 2010 SP2 Setup for Installation rather than installing Ex 2010 SP 1 and then UR for SP1?

    3) Minimum we need Ex 2007 SP2 for co-existence. right? or we must install Ex 2007 SP3 before introducing 1st Ex 2010 server. Ex 2007 update order will be as below:
    a) SP1 > SP2 > SP3
    b) SP1 > SP3

    which one i shall follow

    4) Last question how much downtime we need, during Co-existence.. i.e.:while changing / configuring CAS. HT roles.

    Appreciate your quick response.. my project is starting in 3 days..

    Thanks once again..

    1. Rick

      1. Service packs do not affect product keys, you will be fine. Install your SP2 setup.

      2. If you are worried about Exchange 2010 SP3 then only install up to SP2 UR5-v2. The SP2 UR6 includes the issues that are with SP3.

      3. I believe you only need to be up to 2007 SP2 to migrate

      4. If planned correctly, you shouldn’t have downtime. During co-existence, the clients gets redirected to the new server automatically. I did mine from 2003 to 2010 and did it over a weekend. Depends on size of environment of course.

      This might help to:

      1. Hafeez

        Thanks a lot Rick 🙂

      2. Hafeez

        Dear Rick.

        I will do the installation using Exchange 2010 SP2 setup in below order:

        Plan A:
        1) CAS
        2) HT
        3) MBX
        4) UR5-v2 for all above 3 roles.

        Plan B:

        1) CAS
        2) UR5-v2
        3) HT
        4) MBX.

        I believe Plan A is correct, Plan B is just a thought. whats your opinion?

        Thanks Dude 🙂


  118. Hanon

    Great work Paul.

    Question, II Have an environment with one exchange server with CAS, HUB and Mailbox with no services pack and the server is win 2008 R2 standard running out of memory – I need to install a window server 2012 with Exchange server 2010 sp3 in the same environment but migrating all users to the new environment and decommissioning the old server . What do I do in this scenario ?

    1. Rick

      Create new environment and use the move mailbox wizard. Leave the old server online until all clients connect so their Outlook profile gets redirect automatically. Then follow standard procedure to remove old exchange server.

  119. Dan Hall


    Thanks for all the comments here. I have found it all very interesting.

    Not sure if anyone can help me with an odd problem I have with my installation?

    I have 2 multi role Exchange 2010 servers in a DAG. I updated these to SP3 without issue. I then installed Exchange 2013 which also went through without issue. All seems fine, imported certificates, can send and receive mail from Exchange 2013.
    The strange problem I have is when trying to add the new Exchange 2013 server to my existing Exchange 2010 DAG. From the ECP in DAG’s, it shows the two Exchange 2010 servers. I then try to add the Exchange 2013 server but it says; ERROR. Server ‘SVR08-EX01’ must be running Exchange Server 2010. ???

    If you go to servers my versions are: 14.3 (Build 123.4) and 15.0 (Build 620.29) I believe there are correct. Not sure what to check next!

    Any help or pointers would be much appreciated.

    1. Avatar photo
      Paul Cunningham

      DAGs are version-specific. An Exchange 2013 server can’t be a member of an Exchange 2010 DAG.

      1. Dan Hall

        I wondered if that was the case as mailbox moves are working fine.

        Time to install another 2013 box then!

        Thanks for the information.

  120. Paul Slager


    Are there any issues with upgrading in Environments utilizing Lync 2010 especially on the schema update end, as well as Microsoft Dynamics CRM 2011 Email Router.

    1. Avatar photo
      Paul Cunningham

      For Lync, I believe you may need to redo the Exchange parts of the integration, as the SP3 install will wipe out customizations.

      Schema-wise, no issues that I’m aware of.

      CRM, no idea. You will need to check to see if the Dynamics team has published any notes or warnings about compatibility issues.

      1. Erik

        Hi Paul S and Paul C,

        Slager, have you upgraded to Exchange 2010 SP3 yet?
        If so, did you experience any issues with either Exchange or Lync?

        We are running Exchange 2010 SP2 and Lync 2010 in our environment.

        We only have one Exchange server and it is running the following roles:
        Mailbox, ClientAccess, UnifiedMessaging, HubTransport

        I am a bit worried about the Lync part. What kind of customization’s will it wipe when we upgrade to SP3?

      2. Mahesh Manjrekar

        Hey Paul,

        We are planning to upgrade to SP3 and we have Lync OWA Integration with Exchange, will there be any issue if we upgrade to SP3 with Lync Integration. As you mentioned customization will wipe out …. do you mean to say we have to re-install the Lync components which we have installed on CAS servers…????

  121. Marcus

    Hi Paul, thanks for all the great info you provide!

    How long would you give SP3 to mature before applying to production servers?

    1. Avatar photo
      Paul Cunningham

      Well it isn’t a wine that gets better as it ages.

      I recommend you simply do your research in the TechNet forums and on the Exchange team blog (look at the comments on the post that announced SP3) for any common issues people are seeing. Investigate whether any of your third party products (backups, AV, Blackberry etc) are incompatible. Apply to a test environment if possible. Deploy to prod with a good roll back plan ready just in case.

  122. George

    I have taken over a very old installation of Exchange 2010 with no service packs at all (!) and I’m thinking about installing SP3 on it. It is the only server in the organization, with all roles installed.

    Are there any recommendations how to do this (like installing SP1 first, then SP2 then SP3) or I can just install SP3 straight away? Taking a full backup first, of course.

    Thank you!

    1. Avatar photo
      Paul Cunningham

      Each SP is cumulative, so you can just go straight to the latest one.

      You should expect a potentially lengthy upgrade though as the DB schema has changed since the RTM version.

      1. George

        Thanks, Paul! That’s reassuring! I’m slightly worried because the company has about 180GB of e-mails and if the installation fails I may have to go for plan B. Currently this means re-storing from backup, but I hope to come up with something better.

    2. George

      Just looked again at all comments above and found that others (like Robert Martin) went through this already, so I take that it’s possible to go from no SP to SP3.

      Obviously backup, backup and backup again!

      I’ll plan for this for next maintenance window…

  123. I have :
    Exchange Server 2010 Standard
    Version : Version 14.1 (Build 218.15)
    and i want to install SP3 , What should I care during installation ???

    many thanks

    1. Paul

      I have the same version as you and I am also curious seems like several people have had issues which worries me.

    2. Robert Martin

      I just went through that (no SP to SP3). I did backup EVERYTHING (SYS STATE, EXCHANGE hub/cas/mb & Edge) to be safe, but the wizard did everything. It checks your environment and will make suggestions if there are deficiencies. Follow the suggestions for role order if you have a complex environment. I sweated a lot but it came through minimal problems. I did have issues with back pressure but I am not sure if that was an SP3 thing or the fact that SP3 left 1.5GB in C:temp on the edge server. Deleting the temp folder to get more disk space remedied the back pressure issue.

  124. Matt S

    A client of mine is looking at doing an SP3 upgrade in a multi-server environment. Would it be possible to stagger the installs where the CAS server would be on SP3 for a couple days before the 2 mailbox servers are upgraded, and then do the Edge Transport a couple days after that? I assume the environments would function, considering upgrading your CAS servers won’t “bring exchange down” until everything is SP3, but I was seeing if there were any significant problems that would, or any functionality that would clearly limited.


    1. Avatar photo
      Paul Cunningham

      Yes you can roll it out over a period of days. Start with the internet-facing site/servers first.

      1. Jonby

        Similar question I have with this. We have 2 CAS server and 2 Mailbox Exchange servers. Could just upgrade 1 CAS to SP3 and then 2nd CAS to SP3? We’re nervous about upgrading both CAS at the same time and being down.


        1. Jonby

          thank you. we got both of the CAS servers updated to SP3. Only thing we had to do was stop the RightFax Connector service before starting the update. It took us 2 and 1/2 hours to complete on each server. We’ll do the 2 mailbox server over the weekend. Thanks again.

  125. Gregski

    I’m confused. You say run /PrepareAD under Applying the Schema Update section, what about /PrepareSchema?

    Shouldn’t we do it in this order?

    Setup /PrepareSchema

    Setup /PrepareDomain

    1. Avatar photo
      Paul Cunningham

      /PrepareSchema – adds the attributes to the schema

      /PrepareAD – does the above if not already done, then does a bunch of stuff like adding AD groups, security permissions, etc etc

      /PrepareDomain – only needed if there are additional domains to update.

      So for a single-domain AD Forest you only need to use /PrepareAD unless you have a specific need to separate out the tasks (eg different teams doing them).

  126. koko

    This is good guide. please keep it up.
    I used the guide to update my exchange servers cas/hub and edge successfully. However, on mailbox role, am stucked at language files task. i keep getting the following error:

    Summary: 6 item(s). 0 succeeded, 1 failed.
    Elapsed time: 00:21:44

    Language Files

    Installing product E:ToolsEXSP3koServerLanguagePack.msi failed. Another installation is already in progress. Complete that installation before proceeding with this install. Error code is 1618.

    Another installation is already in progress. Complete that installation before proceeding with this install
    Click here for help…

    An unexpected error has occurred and a Watson dump is being generated: Installing product E:ToolsEXSP3koServerLanguagePack.msi failed. Another installation is already in progress. Complete that installation before proceeding with this install. Error code is 1618. It was running the command ‘Install-MsiPackage -PackagePath ‘E:ToolsEXSP3koServerLanguagePack.msi’ -LogFile ‘C:ExchangeSetupLogsInstall.ko.Server.20130323-135815.msilog’ -Features ‘AdminTools’,’Mailbox’,’ClientAccess’,’Gateway’,’Bridgehead’,’UnifiedMessaging’,’ServerLanguagePack’ -PropertyValues ‘LOGVERBOSE=1 TARGETDIR=”E:Exchange Files””.

    Elapsed Time: 00:21:44.

    There are no installations going on all the other exchange servers and I have restarted the mailbox server several times but getting the same error.

    Please help out!!!

    1. John

      Did you get this figured out? I have the exact same error with Exch 2010 SP3 install.

      1. Gabe

        Did anyone figure this out? We just applied the CU3 patch for 2013 and had to roll it back because it failed. Now we are receiving this same error and mail flow is halted.

        1. ChrisH_ZA

          I encountered the same problem, I fixed it by opening task manager and ending the active msiexec.exe process. To continue where the upgrade ended I started the setup with the following command: “Setup /m:RecoverServer”

  127. Robert Martin

    I have the following;2008R2 SP1 (Enterprise VM) with Exchange 2010 14.00.0722.000 and an old sbs 2003 sp1 with Exchange 6.5.7638.1. I am trying to retire the SBS 2003 that has the bulk of mailboxes and Public Folders. I was thinking about going from Exchange 2010 (no SP) directly to SP3 and then moving MB’s and PF’s. I could not find any incompatibilities but cannot brick their SBS Exchange. Will the upgrade, which involves an AD Schema modification, cause any issues with the SBS Exchange? Or can anyone think of any other issues?

    1. Rick

      The only AD schema change is ms-Exch-Calendar-Logging-Quota and the references that you are on AD Schema Exchange version 14733.

      I am doing a SBS 2003 to SBS 2011 migration myself and hoping the MS fixes the deletion issue otherwise I plan on going straight to SP3. Did it in a VM test environment and didn’t have any issues.

  128. Rick

    We updated our Exchange 2010 environment (2 CAS/HUB and 2 MBX in DAG) last week to SP3 and it took awhile but the update went very smooth. BUT, I would hold off on installing RU6 for SP2 or SP3 as we ran into quite a known bug that is just now surfacing. I was on the phone with Microsoft last week for hours as they gathered logs. Microsoft is aware of an issue where random users cannot delete certain emails unless they do a hard-delete. They said it is due to the a fix in RU6 but also happens in SP3 since it includes RU6.

    If I had known what I know today, I probably wouldn’t of install SP3 and waited. We decided to install it for the fix that helps the battery drain on EAS devices due to a loop in communication.

  129. David Musashi

    Did the upgrade this weekend with no problems. Thanks for this post!

  130. tekfreak

    If you have custom OWA HTTP to HTTPS redirection configured in IIS, SP3 will reset these settings to default.

    1. Carlos

      I can verify this behavior. More so with us we had redirection set at the root of the Default Web Site, then turned off on all of the virtual directories. The upgrade turned the redirection back on all of the virtual directories, essentially breaking all CAS to our array. Led for a panicked few minutes since we didn’t have the redirection on our lab environments, only our production environment. Be careful with this!

  131. Martin Tillbrook

    I have tried doing this upgrade but its gone very wrong!
    It was all going well until the setup tried to restart services. It fails there saying it cant start the Exchange Service Host service. Needless to say I have tried a number of different things to get this service started but i cant!

    Any clues? Cheers

  132. Sachin Patil

    While upgrading exchange server from 2010 sp2 to 2010 sp3, facing schema related error, tried /prepareAD as well, but it didn’t work.

    1. Sachin Patil


      I have tried to upgrade exchange server 2010 sp2 to sp3m, but everytime it is failing as it fails to restart the services like “Exchange Service Host service” and Service ‘tmlisten’ failed to stop due to error:’Cannot stop tmlisten service on computer…

      please provide your suggestions…

      1. Clement Ho

        Stop your Antivirus software

        1. Witto

          Yes, stopping the Antivirus Realtime monitor did the trick.

      2. Server System Engineer

        Did that work Sachin ?

  133. Mark

    Well, after waiting for 72 hours, the “Languages” part of the upgrade is still waiting. I think that’s very much broken. In fact I know it is. I rebooted the server and EMC wouldn’t open. I had to revert to a backup of the web.config file. OWA was shot and recreation of the VDs didn’t work. Mail was flowing, but I had no management. I had to build a second Exchange Server into the environment (which I patched to SP3 immediately – which worked) and then moved all the roles, certificates, mailboxes and PFs over. Now however, I’ve got an Exchange box that I can’t remove and if I try and insert the original Exchange 2010 SP1 media, it keeps trying to carry on with the SP3 upgrade. Is there I way I can delete the temp files that have been copied for SP3 and to remove any traces of the proposed upgrade?

      1. Mark

        Hi Paul,

        Firstly, thank you for your continued help with such issues, it is appreciated. I’ve resolved the issue today by doing the following:

        Removed the SetupSave from the registry under Software/Microsoft Exchage
        Removed the SetupMSI folder from the Exchange install location (DriveLetter:Program FilesMicrosoftExchange Serverv14

        I ran the upgrade again and it installed straightaway, total time, 40 mins 🙂

  134. Mark

    Hi Paul, great article as always. I’m in the process of upgrading a lab environment and the install is currently well over an hour. It’s spent an 1h20m on “Languages” (after Restoring Services and before Hub Transport). In your screenshot, Languages took about 2m30s.

    Would you know what might be wrong?


    1. Avatar photo
      Paul Cunningham

      Depends on the power of your lab servers. Mine are relatively new and have lots of power to spare at the moment. But in other years I’ve run my labs on fairly low powered hardware and everything just takes longer.

  135. TomM


    We have 2 CAS servers, 2 Mailbox Servers in DAG mode, running Exchange 2010 SP2 Rollup 6.
    I’m unable to install SP3 at all on any of these servers.
    I have tried to run “setup /prepareAD” on Domain Controller as well and it fails with the same Error:

    Some controls aren’t valid.
    – Exchange Server cannot be installed in the directory C:Program FilesMicrosoftExchange ServerV14, which contains profile files of the current user.

    Any suggestions/ideas?


  136. Dan

    Hi All

    Im installing SP3 on our 2 exchange servers this morning in a DAG enviroment, the first finshed in less than a hour and the other has been stuck on Hub Transport role for over an hour.

    The server that is stuck is running Forefront for Exchange 2010, not sure if that makes any difference, its also the server that our databases are mounted on.

    Any ideas, why its running so slow on hub transport?

    1. Avatar photo
      Paul Cunningham

      Hub Transport is the role that always seems to take the longest. But why are you upgrading a server in a DAG while it has active databases on it? You should be able to move the active databases to a different DAG member while you’re upgrading that server.

      1. Tony


        We have 2 exchange SP1 servers running DAG in different locations, but logically in same domain site. Each server has all three CAS, Transport and mailbox roles.
        My questions are 1/ should we install SP3 on two servers at same time or one by one?
        2/ Currently we are in SP1, can we install SP3 directly or we have to go SP2 first?


  137. Dread

    Hmmmm…strange issue… I’ve just tried installing Exchange 2010 SP3 and I get the exact same screens as your demo install in this article – right up to the part where its doing the upgrade and showing progress… goes all fine until it gets to the Copy Exchange Files and fails…..cannot copy exchangeserver.msi … and an error code of 2 ….and then craps out…

    The file is there in the sp3 folder…..

    not sure whats going on….any ideas?

    I’ve just noticed that ALL of the Exchange services are now marked ‘Disabled’ and it looks like I’ll have to reset them back to auto before I can re-run the patch again as it will not re-run now.

    1. Dread

      Actually….it would appear that my Exchange 2010 has been uninstalled somehow?!?! My DB files are all still there but Exchange itself is now gone from the server WTF?!?! All the services are still listed as I mentioned before but you cannot start any Exchange services as all the files are gone!


      I have a ShadowProtect backup which I can put back on to recover it – but I am at a loss as to how the whole bloody install can be gone?

      1. Dread

        How extremely odd! All the files are there…but its been uninstalled from the system. Just checked the Programs and Features in Control Panel and its gone. All icons on the desktop/start bar/all programs are all gone….

        Hmmmmm……not sure whether to attempt o ‘fix’ it or just recover the server…will loose a half days worth of email though….but its a Saturday so it shouldn’t be much…how odd…

        1. Avatar photo
          Paul Cunningham

          If you look at the progress screenshot in the article above you will notice a step is removal of Exchange files. Basically service packs are a “build to build upgrade” meaning a full install of a new build. Failing at the step where yours did can leave the server in a non-functioning state.

          You should be able to to a server recovery installation:

        2. Dread

          Cheers Paul – I ended up just recovering the server from the backup I did prior – than heavens for ShadowProtect hey 😉

          Now I’m a tad gunshy to try rolling it out again…..might leave it a few weeks I think 😉

  138. Rajesh

    Exchange 2010 SP3 schema update failed

    Organization Preparation FAILED
    The following error was generated when “$error.Clear();
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainControll
    er -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

    ” was run: “The well-known object entry with the GUID “BBBBBBBBEEEEEEEEEEE”, which is on the “CN=Microsoft Exchange,CN=Services,CN=Configuratio
    n,DC=XXXXX,DC=YYYYY” container object’s otherWellKnownObjects attribute, refers to
    a group “CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=XXXX,DC=YYYY” of the wrong group type. Either delete the well-known object entry, or
    promote the target object to “Universal, SecurityEnabled”.”.

    1. Avatar photo
      Paul Cunningham

      That error suggests that your “Organization Management” is not a Universal group. Have you checked that?

      1. Rajesh

        Thanks!!! will promote “Organization Management” to universal group.

      2. tariq

        Configuring Microsoft Exchange Server
        Organization Preparation ……………………. FAILED
        The well-known object entry B:32:A7D2016C83F003458132789EEB127B84:CN=Exchange ServersADEL:a74ec49d-f2e2-4a31-8db4-48f4bb4e2cdf,CN=Deleted Objects,DC=xxxx,DC=xx of the otherWellKnownObjects attribute on container object CN=Configuration,DC=xxxx,DC=xx points to an invalid DN or a deleted object. Please remove the entry and rerun the task.

  139. David Musashi

    Would you suggest installing SP3 just because it’s there or not installing it unless it addresses a specific issue? A little background is we’re going to be migrating to new Exchange 2010 hardware soon. For a time we will have 2 Exchange 2010 systems in existence and I know they need to be the same patch level. I think going right from Exchange 2010 RTM to SP3 on the new box is going to be a easier than RTM to SP2 to RU6 (which is the patch level the existing box is at) however I don’t know of any specific issues we are having that is addressed in SP3. Suggestions?

    1. David Musashi

      I think I may have answered my own question with further research. It seems that if we want to install Exchange 2010 on Server 2012, I have to upgrade to SP3. Would you agree?

      1. Avatar photo
        Paul Cunningham

        There’s a few points to be made here:

        – staying up to date with service packs is generally a good thing. There’s a balance though between applying an update “because it’s there” and being so overly cautious that you lag way behind on updates.

        – SP3 is new and not “proven” yet though I haven’t personally encountered problems with it. SP2 UR5-v2 is probably the latest “proven” version.

        – Generally speaking servers in a site should be at the same level (obviously they can’t always be, eg while you’re working on upgrading them they will be out of step for a period of time) and the internet-facing one(s) are supposed to be the highest version.

        – yes, Exchange 2010 SP3 is the supported version for running on Windows 2012

        So, if you’re wanting to put the new server on WS2012 then I would recommend upgrading the existing server to SP3 first, with the caveat that it is still fairly new and not “proven”.

  140. Marko

    Is it possible somehow to reinstall SP3 on 2010 ?
    I have following situation..

    I have installed SP3 on Exchange server 2010 (on machine A) and after it ono other machine successfuly installed exchange 2013. Domain controller is on the machine B (same as Exchange 2013)
    For some reason I have restored snapshot for machine B .. and now when I run Exchange 2013 install again it says that Exchange on machine A is not SP3 (but it is) .. somehow it seems like domain controller thinks its still without SP3…
    Is it possible somehow to tell new Exchange2013 that Echange2010 has SP3 ?


    1. Avatar photo
      Paul Cunningham

      Marko, you’ve done two unsupported things:

      1) You’ve installed Exchange 2013 RTM into an Exchange 2010 organization. Co-existence is not supported yet, until Exchange 2013 CU1 is released.

      2) You’ve used a snapshot to rollback an Exchange server. This is quite simply unsupported and as you’ve discovered causes technical problems.

      You’ve also installed Exchange on a DC, which is not unsupported but is certainly not best practice, and I personally recommend against ever doing it because it only ever causes me problems.

      To answer your question, can you reinstall Exchange 2010 SP3? Yes, you can try. If it doesn’t work you can try and get assistance for whatever specific error it blocks you with.

      1. Marko

        Thanks Paul for such fast respone..

        I know I have a bit strange neetwork configuration and I plan to migrate DC to a new machine one day. but what bothers me is that before I recovered snapshot for machine B it all worked well..
        First I upgraded 2010 to SP3… and after that installed 2013 to an new machine (same one that DC is on)
        and everything worked..
        after restoring snapshot on machine B (where 2013 and DC were) .. and trying to install 2013 again.. it says that 2010 doesnt have SP3.. but it does..
        When I try to run from SP3 agan it doesnt offer any kind of reinstall but just a options to remove some server roles.. 🙁
        What really interests me is on which criteria 2013 check if 2010 has a SP3 or not… is it written somewhere in DC ? .. if so.. is it possible to manually edit DC so that it reflects a real state.. or some kind of command on 2010 server that will recover DC entries..


        1. Avatar photo
          Paul Cunningham

          So not only did you use a snapshot to roll back an Exchange server, it was also the only DC in your environment? Sounds like you’ve also rolled back your AD to the a state prior to when the 2010 server was upgraded to SP3. Does that sound likely?

  141. Di

    I am preparing to inplement a transition to Exchange 2010 SP2 with UR5v2 slipstreamed (currently have Ex2003SP2). Would you suggest I stay with my plan to install using EX2010SP2 executable or use Exchange 2010 SP3 executable? Any advice is appreciated. Thanks.

    1. Avatar photo
      Paul Cunningham

      Firstly, I don’t recommend you include the UR when you install Exchange 2010 SP2. I recommend applying it after 2010 SP2 has been installed. The reason is that I have almost always had installs fail when I try to include a UR using that method.

      Secondly, SP3 is very new at this time and not “proven” yet. Frankly, given Microsoft’s recent history of quality issues with updates I would recommend you stick with SP2 and UR5v2 for now *unless* something in UR6 or SP3 explicitly fixes an urgent bug or problem you’re experiencing (which I guess is unlikely since you’re still on 2003).

      1. Di

        Thank-you for this expert advice. I will stick with my original plan, with the one change of NOT slipstreaming the UR. I will apply it after the install with elevated rights. And, again thanks for your advice.

      2. Di

        Hi Paul:

        Your expect advice helped me last year. My Exchange 2010 SP2 server has been running without issue for over a year now. (EX 2010 SP2 UR 5-v2). I know I need to apply SP3 as my server is now end of life in this configuration. I have only the one Exchange server holding 3 roles – Client Access, Mailbox, Hub Transport. Honestly, with all the comments, I am a little frightened about updating to SP3. I would welcome any comments or advice you might have to offer me. Any thoughts on how long my users will be without e-mail since you indicate all mailboxes are taken offline during the update? Thanks!

      3. Di

        I should add that I have one Windows Server 2008 R2 SP1 Domain Controller and one Windows Server 2003 SP2 Domain Controller. Will the 2003 DC be a problem?

        Thanks again!

  142. Bill

    I just installed this on a server: took over 6 hours. I think the issue MAY have been that the DC is Server 2012, but the Exchange server was a SP2 install running in Hyper -V. It took over two hours per some sections. There was not an individual hang, just a cluster of hanging. Working great now, though.

  143. Kimmo

    I had a number of issues getting this installed, only some of which were scary. Coming from a 2010 RTM I had a bunch of hotfixes that were needed, but that was straightforward enough.

    However, also hit on a number of issues that also hit SP2 upgraders earlier on; stuff like admin tools role is not current, open files error (that was the backup software service, had to disable that one) and another failure with the mailbox role upgrade. The solution I could find (thank heavens there is Google) was to do registry changes to bring stuff like the admin role version number into sync with the rest before rerunning the upgrade.

    Probably due to remnants of an abortive SP1 install once upon a long ago. But with some regedit elbow grease I got SP3 installed, but a painless process it wasn’t.

    1. Robert

      Hi Kimmo,

      I was planning as well to upgrade our exchange RTM to SP3 and I’m just wondering, what are the consequences of doing it? I mean, do I loose some of the exchange configuration or some of the employees email? Thanks.

  144. Kazun

    Thanks Paul.

    May be /PrepareAD ?

    1. STF

      I think Kazun is right.
      I got the dialog saying “Setup.exe can’t accept command-line parameters. Use instead.”

  145. turbomcp

    Hi Paul excellent as always
    just one little thing you probably need to mention(especially where hlb are involved)
    a service pack will “wipe” custom settings you maybe have(static ports and such)
    so be sure to backup any custom stuff you have set…

  146. fr

    Do you recommend waiting for official statements of support from your backup/antivirus/filtering vendors for a service pack or is it fairly safe to treat it like a normal rollup and just do your own tests?

    1. Avatar photo
      Paul Cunningham

      How much do you like your job? 😉

      I tend to look for clear statements of support from the vendors of any critical integrated products.

      1. fr

        Ok, just haven’t had to do an exchange sp for years so wasn’t sure how they effect compatibility. Will probably take months to get official support from backup exec so better plan to install UR6 for now.

      2. Vince

        Hi Every one, I need help with exchange 2010 upgrade to SP-3. When I try to install SP-3 the pre-requisites process fails stating that it requires Microsoft Server Communication Managed API and Microsoft Server Speech Platform Runtime. How ever when I try to install MSCM-API it fails stating that it cant co-exist with MSSP-Runtime.
        Exact error is:
        “Installation Requirements:

        Microsoft Unified Communications Managed API 4.0, Runtime cannot be installed side by side with the following components. Installation cannot continue.
        Microsoft Server Speech Platform Runtime (x64)”

        When I uninstal MSSP-Runtime the error still comes back when I try to install MSCM-API back. I have tried to search for left registry enetries and delete them but the problem persists. Its killing me and i keep going in cycles.

        Please I need your help. my email in

  147. Hein

    Thanks Paul for this post. Wil be upgrading all cas and dag servers coming friday so this post was good timing.

  148. shawn

    @Remigiusz that is the correct version. 14 is the version of exchange. .3 the service pack. and 123.4 the build number.

  149. Remigiusz

    Can you check Exchange version after installation SP3 ? is it the same

  150. Martin

    Great article once again. Keep the tweets going!

  151. shawn

    Its probably also worth mentioning for those who also have the UM role installed alongside the CAS & MBX role, that language packs, other than the default US one, will need to be uninstalled prior to the installation of SP3, as has been the case with previous Service Packs.

Leave a Reply