Exchange 2013 Installing Cumulative Updates

Installing Cumulative Updates (CU's) to Exchange 2013 isn't too different from Rollups (RU's) on Exchange 2010. There are some nice cmdlets built into Exchange to help ease the install, and there are some scripts floating around on the web to automate the process (I prefer to use the commands, since I have them saved and just copy/pasta into the EMS).

At the time of this post, CU9 is the latest release and it brings back some much needed features like the ability to keep Sent Items in Shared Mailboxes...why MS took that away I dunno :(

Installing Exchange 2013 CU's:

First, in your monitoring service, put the servers into Maintenance Mode, and stop backup services.

Domain Prep:

Exchange CU's usually contain schema changes, and it's best to run those commands separately, well before you install the CU to give your environment time to replicate changes. And in the case of CU9, it doesn't run ADPrep in the install...stupid.

In an elevated CMD prompt on either a Domain Controller or on one of the Exchange servers, run the following commands:

cd to C:\CU

**Note** Change "C:\CU" to where you extracted the CU setup files.

Setup.exe /prepareSchema /IAcceptExchangeServerLicenseTerms

Setup.exe /prepareAD /IAcceptExchangeServerLicenseTerms

Setup.exe /prepareDomain /IAcceptExchangeServerLicenseTerms

After the commands finish, to check that everything is complete and clean, run:

repadmin /showrepl

CU Installation:

Multirole DAG Members:

I'll be going over how to update multi-role servers that are part of a DAG on hardware load balancers, since that's the most common setup.

First, remove one server from rotation in the load balancer, which will gracefully move connections to another server and not disrupt clients.

I'm using Kemp load balancers so it'll look like this:

Once you have disabled the "real server" set the server into Exchange Maintenance Mode.

Fire up the Exchange Management Shell (EMS) and run the following commands separately:

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component HubTransport -State Draining -Requester Maintenance

Redirect-Message -Server $Computer -Target odc-exc-mbx-c01.harriscomputer.com

Suspend-ClusterNode $Computer

Set-MailboxServer $Computer -DatabaseCopyActivationDisabledAndMoveNow $True

Set-MailboxServer $Computer -DatabaseCopyAutoActivationPolicy Blocked

Set-ServerComponentState $Computer -Component ServerWideOffline -State Inactive -Requester Maintenance

Once the server is in maintenance mode, now is a good time to install Windows Updates, since it requires a reboot.

After the updates install and you bounce the server, you'll need to uninstall any extra Language Packs in CMD:

cd C:\CU

setup.exe /RemoveUMLanguagePack:fr-CA

**Note** Change "fr-CA" to the pack you have installed.

Next, make sure that the EMS is closed, or else it will throw PowerShell errors! install the CU either by browsing to the extracted files and running setup.exe As Admin, or in an elevated CMD by running:

Setup.exe /mode:upgrade /IAcceptExchangeServerLicenseTerms

Reboot the server for good measure.

Install the newest Language Pack by browsing to the Language Pack setup files location.

Next, take the server out of Exchange Maintenance Mode, by running the following commands in EMS:

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component ServerWideOffline -State Active -Requester Maintenance

Resume-ClusterNode $Computer

Set-MailboxServer $Computer -DatabaseCopyActivationDisabledAndMoveNow $False

Set-MailboxServer $Computer -DatabaseCopyAutoActivationPolicy Unrestricted

Set-ServerComponentState $Computer -Component HubTransport -State Active -Requester Maintenance

Restart-Service MSExchangeTransport

Restart-Service MSExchangeFrontEndTransport

Verify that services are running by going to the Services Control Panel, or run:

Get-ServerComponentState $Computer | ft Component,State –Autosize

Now move on to the next DAG member and follow the steps above.

After DAG members are updated, services are running, and they are back in rotation in the load balancer you can move on to any Edge Servers you're running.

Edge Servers:

On an Edge server, start maintenance mode by running the following in EMS:

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component ServerWideOffline -State Inactive -Requester Maintenance

Next, make sure that the EMS is closed, or else it will throw PowerShell errors!

Run the CU setup form an elevated CMD:

Setup.exe /mode:upgrade /IAcceptExchangeServerLicenseTerms

Next, stop maintenance mode, in EMS:

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component ServerWideOffline -State Active -Requester Maintenance

Now you can move on to any other Edge servers, following the same steps.

After you finish with your Exchange servers, you can update any Exchange Management Tools on other machines.

To check build numbers to ensure the CU installed successfully on the Exchange servers, in the EMS, run:

Get-ExchangeServer | fl name,edition,admindisplayversion

Next, you'll want to rebalance your databases in your DAG:

cd $exscripts

.\RedistributeActiveDatabases.ps1 -DagName DAG01 -BalanceDbsByActivationPreference -Confirm:$False

In your monitoring software, stop maintenance mode and start your backups.

A few Post-Install Notes:

If you have any third-party tools like CodeTwo Signature Manager, you'll need to re-activate those...kinda annoying that they don't fix that.

Any changes you have to done to web.config files (Lync IM to OWA Integration for instance) will need to be reconfigured.

If “Discovery Search Mailbox” access warnings are thrown, disable the mailbox, then rerun setup:

Disable the Discovery Search mailbox and re-enable it after installation.

In EMS, run:

Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}”

Install Exchange 2013 CU

Run the following 2 cmdlets in EMS:

Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” -Arbitration

Add-MailboxPermission –Identity ”harriscomputer.com/Service Accounts/Corporate IT/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” –User ”Discovery Management1” –AccessRights FullAccess

And you're done!