How to upgrade an Exchange server without going crazy

Exchange and upgrades. Always a busy topic as IT admins either don’t want to update or would prefer to leave the current version as is working. As the saying goes, “If it ain’t broke, don’t fix it.” This last approach is a popular one, but it raises several challenges. If the time comes when you run into an issue with your current version of Exchange, say it is Exchange 2010 SP1 or Exchange 2013 RTM, and you want to log a call with Microsoft, you will end up having to upgrade as they will look only at the current versions and not versions that are out of support. This is where a lab comes in quite handy as you can test a rollup if you are on Exchange 2010 and a cumulative update if you are on Exchange 2013 or higher. Too often, IT staff forget about the edge server sitting in the DMZ and when the time comes to upgrade, they cannot download the files needed and cannot log a call for help to upgrade. Maybe if a payment arrangement is made between you and Microsoft, they will assist you, but this is purely up to them.

Order, please

If you manage a large environment that consists of split roles — for example, Exchange 2010 where you have a HUB Transport Server, a Unified messaging server, a mailbox server, and a Client Access Server — you have quite a bit of upgrading to do. There is generally a rule to upgrade servers in a certain order. This throws a spanner in the works as IT admins go into a panic, saying, “How do I upgrade 100 servers in an order?” Relax, you can do them in stages. Let’s look at a legacy version of Exchange first, Exchange 2010. The upgrade order is as follows:

• Client Access Server (CAS)
• HUB transport server (HUB)
• Unified messaging server
• Mailbox server (MBX)

This is called CHUM for short, something you can remember quite easily. OK, I mentioned stages. Yes. If you have 30 Client Access Servers, 30 HUB transport servers, and 40 mailbox servers, follow the rule.

Start by upgrading your Client Access Servers. Maybe this takes you two to three weeks if you take it slow as you will have to drain servers off of a load balancer if you are using one and run the upgrade. Sometimes you run into issues where your execution policy is too strict so the upgrade fails or, unfortunately, it can fail for many other reasons. Don’t stress, continue with your upgrades on the CAS servers. Once done, then move onto your HUB server. Again, you can run with a mix of versions but Microsoft recommends not leaving it too long.

Once you are done with your HUB servers, move to the unified messaging servers if you have them and finally mailbox servers. Mailbox servers generally take a bit longer and you need to failover the databases and drain your database availability group (DAG). Drain means you put it in maintenance mode with a script.

Put the servers in maintenance mode

If you have monitoring in place, put the servers in maintenance mode. This setting will be on System Center Operations Manager (SCOM) or whatever monitoring system you are using as it will alert that the DAG is down and copies aren’t active. Just a small headache you want to alleviate.

To install an update on Exchange 2010 SP3 servers, you simply need to download the rollup and check if there are any additional prerequisites needed and launch an elevated command prompt and navigate to your folder where you downloaded the file and run it. Some rollups with give an error with certificate revocation, which you can ignore. Other errors you may encounter is that the execution policy is set to Restricted on the server. You will need to change that to do your install and then put it back.

Other issues can be as a result of antivirus exclusions not set or set too restrictive so you cannot do anything or you have Group Policy that restricts it as well.

Now moving onto the newer versions of Exchange. These upgrade orders are really simple. They are as follows:

• Mailbox Servers
• Edge Transport Servers

Remember that Exchange 2013 and higher now have services instead of multiple roles so your footprint of upgrades is simpler. I prefer to personally run upgrades from the command line as it just saves time and you don’t have to go through all the windows to click “next” to get to where it gives an error about a pending reboot or missing prerequisites as the command line install will give you this straight away after it does its checks.

Exchange servers upgrade: Failures do occur

Again, if you are running a database availability group, move your active database copies off and put the server into maintenance mode. Exchange 2016 does have that option to automatically failover the databases back to the preferred preference so be sure you have run the maintenance mode script. Upgrades are generally seamless but I have seen some failures.

These include services that have to come out of a disabled start that take forever to do or just never perform that step and the setup fails as it couldn’t start a particular service. Other failures are where the server has a watermark entry in the registry and the update fails. Edge servers upgrade pretty easily, but in the later cumulative updates, there have been some errors where it cannot find a specific file.

Follow the guidelines and best practices from Microsoft and all should be fine with your Exchange server upgrades. Every environment is different and upgrades might fail but the errors are pretty straightforward.

Happy updating.

Featured image: Shutterstock