Upgrading Exchange 2016 or 2019 with the latest cumulative update (CU) or security update (SU) normally finishes without an error. But there are times you end up with an installation that fails, or it seems that the upgrade went through but Exchange services won’t start. What can lead to this? Here are some examples that we will cover in a bit more detail:
- Antivirus blocking the installation — EDR component.
- Windows Error 1603.
- Third-party applications terminating PowerShell.
- Pending reboots from updates of other applications or Windows updates.
- Running the upgrade without elevation.
- Services that won’t stop while the upgrade is running.
- Locked processes.
I have listed some of the common examples that I have personally come across when upgrading Exchange Servers, and the services won’t start. Let’s briefly look at each one.
Reasons Exchange Services won’t start
- Antivirus blocking the installation — EDR component
In a recent article, I spoke about Symantec Endpoint Detection and Response causing issues on Exchange. The IDS section seems to block file copy and also blocks installations. If the IDS option is enabled, you cannot mount the ISO or copy it as it gives a signature error. If you did have the ISO on before you install, it fails when you run the CU upgrade because it cannot talk to Active Directory. The fix here is to disable that component in Symantec and then reboot, after which the CU or SU installation will complete without error.
- Windows error 1603
The above error is quite vague — Windows error 1603 can be many things. But what I did find is that if a system is hardened, you may see this error. Turning off the Windows firewall temporarily allows the installation to continue, but as mentioned, it is a broad error you see in the event logs. On one occasion, I had to run an SFC / scannow to fix problems within the OS.
- Third-party applications terminating PowerShell
If you use a third-party app that can terminate applications, you may find that this terminates your session. If you run the upgrade using a PowerShell Exchange install script, this will cause the update to fail while it’s busy installing PowerShell. So, it’s best to put the system in maintenance mode so that it cannot disrupt the upgrade or installation on your Exchange Server.
- Pending reboots from updates of other applications or Windows updates
This is a common issue that won’t allow you to run the upgrade of Exchange or run the security update. The rule of thumb is to always reboot your system before doing any upgrade, either the CU or SU, so that you don’t run into this issue.
- Running the upgrade without elevation
When you run Exchange cumulative updates or security updates, you need to do so from an elevated prompt. If you try to run this in a normal command prompt window, you will get errors that will not allow you to continue with the installation. As with the pending reboots, the rule of thumb is always to start your command prompt or PowerShell elevated.
- Services that won’t stop while the upgrade is running
When an Exchange installation is underway, it always stops and disables the services. But you may find services like the search host controller won’t stop or do not stop in a timely fashion. This causes the upgrades to fail. If you see the install staying on the window and it states, “stopping services,” launch services.msc. If you see all Exchange Servers are stopped and disabled except for one or two, open up Task Manager and stop them, and you will find the install will continue.
- Locked processes
This one is similar to the services that won’t stop. If a process has locked the Exchange processes, it may cause the installation to fail. Third-party applications — for example, those that monitor Exchange and report on disk space — might lock the store.exe process. This will give you a nice long error stating that the installation cannot continue, or you may get a popup window that won’ go away saying that the installation has to stop a set of processes to continue. The way to get around this is to reboot the system or disable the monitoring services while you do the upgrade, and then complete the installation or upgrade.
There are other errors that can happen when you have network issues, for example, or Exchange cannot talk to domain controllers in a certain site because of a network failure or link failure. You will need to resolve these before you attempt an upgrade.
This brings us back to the headline of this article, where it says the services won’t start. Well, if you try to start them, they will fail because the installation process started and terminated in any one of the above scenarios. It’s best is to restart the installation, and if it’s a CU you are running, it should continue where it left off. If it is a security update, the installation should start again and finish, and this time the services should start without an issue. If the server is broken, however, then you need to do a recovery installation of Exchange.
Featured image: Shutterstock