Saturday, August 25, 2018

Exchange 2016 Upgrade Pre-CU5 to CU9/CU10

I see quite a few questions on forums floating around about upgrading old versions of Exchange 2016 to the latest CUs. The cause for concern are the new requirements for .Net on Exchange.

For instance, Exchange CU9 requires either .Net Framework 4.6.2 or 4.7.1; Exchange CU10 requires .Net 4.7.1.

So here's the issue: how do you upgrade Exchange, when you're far out of date and update .Net without breaking your mail servers?

I've put together the following guide which will walk you through the process, and hopefully calm your fears; it's not as painful as you think!
I just completed this on a very non-standard Exchange environment, so it should work for you too.

1. In your monitoring solution, pause all Exchange servers and the Domain Controller holding the FMSO roles

a. Download .Net 4.7.1 from here:


b. Download Exchange 2016 CU9 from here:


**Note** Microsoft only hosts the current and N-1 CU's, so if CU9 is no longer available, leave a comment and I'll share it out with you.

b.1. If you're installing CU10, download it from here:


2. On The DC Holding FSMO

a. Install .Net 4.7.1

**Note** This *shouldn't* require a reboot.

b. In an Elevated CMD, run each of the following commands one-by-one:

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

c. After Domain Preps, check replication to ensure all is well:

repadmin /showrepl

**Note** I normally run the AD prep commands from an Exchange server, but since CU9 requires .Net 4.6.2 -or- 4.7.1 and CU10 requires 4.7.1, it will halt the install saying that .Net 4.5 or higher is required. So, I chose to run it from the DC so as to not break Exchange (CU4, which is currently installed, doesn't support .Net 4.7.1 so this would cause conflicts).

3. On your First Mailbox Server

- Remove from Load Balancer Rotation

a. Start Exchange Server Maintenance Mode

These commands will stop Transport queues, stop DAG cluster, perform DB switchover, block DB activation, and enable maintenance mode

a.1. In the EMS, run each command separately:

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component HubTransport –State Draining -Requester Maintenance

Redirect-Message -Server $Computer -Target MBX2.exchangeitup.com

Suspend-ClusterNode $Computer

Set-MailboxServer $Computer -DatabaseCopyActivationDisabledAndMoveNow $True

Set-MailboxServer $Computer -DatabaseCopyAutoActivationPolicy Blocked

Set-ServerComponentState $Computer -Component ServerWideOffline -State Inactive -Requester Maintenance

b. Install .Net 4.7.1

**Note** MS says to use newest .Net version supported by Exchange. A lot of the advice on forums will mislead you by saying to install 4.6.2 then install CU9, then install 4.7.1. Don't do that! This adds a whole lot of unnecessary steps; just go straight to the latest .Net.

b.1. **If you are installing CU10** Download and install Visual C++ (CU10 requires it) from here:


b.2. Reboot

c. Uninstall previous the CU Language Pack by running the following in an Elevated CMD:

cd C:\wherever-you-have-stored-your-language-pack

setup.exe /RemoveUMLanguagePack:de-DE

**Note** Change "RemoveUMLanguagePack:de-DE" to whatever language pack you have

d. Mount the CU9 or CU10 ISO and run setup.exe - Run As Administrator for good measure

**Note** This will take a long time, so plan for the whole day depending on how many servers you have.

**Note** During the CU9/CU10 readiness checks if the installer throws an error stating: setup can't continue with the upgrade because the mscorsvw (PID#) has open files, just give it some time. The problem is, the .Net compiler hasn't finished yet, which takes about 30 minutes. Open task manager and watch for .Net optimization; once it disappears, it's finished and you can hit Retry in the installer.

e. Install the newest CU Language Pack - You'll need to Run As Administrator

f. Stop Exchange Server Maintenance Mode

These commands will start Transport queues, start DAG cluster, unblock DB activation, disable maintenance mode, and restart Transport Services

f.1. In the EMS, run each command separately

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component ServerWideOffline -State Active -Requester

Resume-ClusterNode $Computer

Set-MailboxServer $Computer -DatabaseCopyActivationDisabledAndMoveNow $False

Set-MailboxServer $Computer -DatabaseCopyAutoActivationPolicy Unrestricted

Set-ServerComponentState $Computer -Component HubTransport -State Active -Requester Maintenance

Restart-Service MSExchangeTransport

Restart-Service MSExchangeFrontEndTransport

Get-ServerComponentState MBX1 - ensure that all services are active

 **Note** If the Database copies say: Content index state:  HealthyAndUpgrading no need to worry, carry on with your upgrade - it could take days depending on the size of your DB's. It's still totally safe to mount or activate copies on the other DAG members during this operation.

4. Rinse and Repeat the above steps on each Mailbox Server

5. On Your First Edge Server

a. Start Exchange Server Maintenance Mode

These commands will stop Edge Transport queues, and enable maintenance mode

a.1. In the EMS, run each command separate

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component ServerWideOffline -State Inactive -Requester Maintenance

b. Install .Net 4.7.1

b.1. Reboot

b.2. **If installing CU10** Install Visual C++

c. Run the Exchange CU setup from an Elevated CMD:

Setup.exe /mode:upgrade /IAcceptExchangeServerLicenseTerms

d. Stop Exchange Server Maintenance Mode

These commands will start Edge Transport queues, and disable maintenance mode

d.1. In the EMS, run each command separate

$Computer = $ENV:ComputerName

Set-ServerComponentState $Computer -Component ServerWideOffline -State Active -Requester Maintenance

6. Repeat for Each Edge

7. On your Management Tools Server

a. Install .net 4.7.1

a.1. **If installing CU10** Install Visual C++

b. Install the CU - the CU installer will upgrade the tools automatically - it detects the installed roles.

8. Cleanup/Checking our work

a. Check build numbers on Servers:

Get-ExchangeServer | fl name,edition,admindisplayversion

For CU10 you'll get: 15.01.1531

For CU9, you'll get: 15.01.1466

**Note** The Edge will not show the current build number when running the above cmdlet from a Mailbox Server; this is by design. If you want it to show the updated build, you would need to re-subscribe the EdgeSync.

b. Rebalance the DAG by running the following in the EMS:

cd exscripts

.\RedistributeActiveDatabases.ps1 -DagName DAG01 -BalanceDbsByActivationPreference -Confirm:$False

**Note** Change "DAG01" to the name of your DAG

c. Re-apply any custom IIS authentication and web.config changes. 

**Note** Exchange CU's are full installations, so they reset those values to default.

Now your Exchange environment will be up to date and healthy. In my environment, I chose to go to CU9 instead of CU10 because I always stay N-1 on CU's; if you do follow the forums it seems that almost every other CU release causes something to break in Exchange...most have been riddled with bugs. I would personally rather be one step behind than have to open an MS ticket to fix something they broke ;)


  1. Hi, can you share Exchange 2016 CU9 ISO, as it is no longer available for download from MS.

    1. Unfortunately I don't have CU9 anymore, sorry! I tend to delete them when I move to newer builds.