CPI - How To Update Exchange 2013

How to Update Exchange 2013

Updating Exchange 2013 can be a messy experience if not done correctly. You can end up with a data loss or server down issue. I have created this procedure that I and my team use when we update the Exchange Servers that we administer.

High Level Overview

This walkthrough will cover updating a DAG member of a two node cluster

  • Ensure that you have a good backup of your Active Directory Schema
  • Ensure that you have a good backup of your Exchange environment to include all Databases
  • Follow the procedure outlined herein and perform updates on Passive DAG Member server first
  • Then, Follow the procedure and perform updates on the Active DAG member

**NOTE: Please make sure you have written documentation of any and all Custom settings in your environment. At times Exchange Service Packs can overwrite custom settings and revert them to default settings.

Updating a Server with CAS/ MB roles

**NOTE: The below guide is designed for a two-node DAG, but can be applied to larger scenarios as well

As mentioned above sometimes certain updates for Exchange Servers can revert settings to default. It is imperative that you understand this and properly document any custom settings you may have implemented on your CAS server’s. The areas that are affected by these changes are mainly involve IIS. More specifically the Authentication types, redirections, and SSL settings. It is best practice to have a written account of these custom settings as well as a backup of IIS settings prior to updating your servers.

  • Check written documentation against environment to ensure that all settings are still reflected in the documentation
  • Please find my CasCollect and IIS authentication Scripts from blog. I use these to document the configuration settings prior to performing updates. These both write a transcript to the location they are ran from. You can change the location by finding the line start-transcript and changing the location.
  • Below I have provided commonly used commands to manage IIS configurations
    • to backup configuration, run the follow command:
      • > %windir%system32inetsrvappcmd.exe add backup “My Backup Name”
    • to restore that backup, run this command:
      • > %windir%system32inetsrvappcmd.exe restore backup “My Backup Name”
    • to delete a backup, run this command:
      • > %windir%system32inetsrvappcmd.exe delete backup “My Backup Name”
    • To enumerate a list of backups and configuration history files, use the following command:
      • > %windir%system32inetsrvappcmd.exe list backup

To perform updates on a mailbox server that is in a DAG we need to place a member into what is called maintenance mode however; There is no maintenance mode script in Exchange 2013 as there was in 2010 so to get around this caveat and prepare a member to receive updates we need to perform the steps manually.

Readying the Passive Node and Updating

  • Choose a server that you want to update first and activate all of the databases on the other server so the server you have chosen to receive updates first is completely passive in terms of holding databases.
    • Because we are load balancing the Client Access roles of these servers we also need to login to the Netscaler and remove the first server we have chosen to update from the pool of hosts.
    • Open an administrative elevated exchange management shell session.
    • Run the following commands:
    • Set-executionpolicy unrestricted
    • Select yes
  • Set-ServerComponentState PASSIVENODE –Component HubTransport –State Draining -requester maintenance
  • Redirect-Message -Server PASSIVENODE -Target ACTIVENODE.domain.com
  • Set-ServerComponentState PASSIVENODE –Component ServerWideOffline –State InActive –Requester Maintenance
  • Suspend-ClusterNode –Name PASSIVENODE
  • Set-MailboxServer PASSIVENODE –DatabaseCopyActivationDisabledAndMoveNow $true
  • On this next script we will noting the status of the databasecopyautoactivationpolicy (write it down – unrestricted/??)
    • Get-MailboxServer PASSIVENODE | Select DatabaseCopyAutoActivationPolicy
  • Set-MailboxServer PASSIVENODE –DatabaseCopyAutoActivationPolicy Blocked
  • Set-ServerComponentState PASSIVENODE –Component ServerWideOffline –State InActive –Requester Maintenance
  • ** NOTE: make sure you replace PASSIVENODE or ACTIVENODE in the above scripts with the actual passive or active server name**NOTE: ensure that you have all programs and exchange management shell sessions closed throughout the update process
  • Perform the windows and Microsoft updates that you deem necessary for your environment 
    • **NOTE: if you are performing a downloaded service pack or cumulative update install please make sure that you right-click and run the setup as an administrator
    • After the final update perform one last restart of the passive node

Bringing the passive node out of maintenance mode

**NOTE: before proceeding with the following steps ensure that you have checked all of your CAS virtual directory settings and IIS authentication and SSL settings against your documentation


  • Open an administrative elevated exchange management shell session.
  • Run the following commands:
  • Set-executionpolicy unrestricted
  • Select yes
    • Set-ServerComponentState PASSIVENODE –Component ServerWideOffline –State Active –Requester Maintenance
    • Resume-ClusterNode –Name PASSIVENODE
    • Set-MailboxServer PASSIVENODE –DatabaseCopyAutoActivationPolicy Unrestricted
    • Set-MailboxServer PASSIVENODE –DatabaseCopyActivationDisabledAndMoveNow $false
    • Set-ServerComponentState PASSIVENODE –Component HubTransport –State Active –Requester Maintenance
  • Login to the Netscaler and add back in the server to the pool of hosts

Verifying Server Health

  • Open up Exchange management shell and run the following test cmdlet to see how replication health is. “Test-replicationhealth”
    • This lets you know if the server is ready to receive the mailbox copies
    • If for some reason you get a failure first try a reboot of the passive node and run the “test-replicationhealth” cmdlet again to see if the issue has been remediated.
    • **NOTE: that if you have any single instanced databases IE: archive databases that are not replicated. These will show up as failed in this test
    • Get-clusternode (this verifies that the members of the dag are all active and not paused)
    • Test-servicehealth (this verifies that all services are running)
    • Get-mailboxdatabasecopystatus (verifies that all database copies, copy/replay queues, and content indexes are healthy)
    • Get-servercomponentstate SERVERNAME (this verifies that we haven’t left the server in maintenance mode)

Follow-up Steps

  • If all passes then you are good to move the mailboxes back over from the active server and ready it for updates by repeating this section of the guide

Perform tests in your environment to make sure that all Exchange functions are working this is not a definitive list. (CAS: Autodiscover, OAB, OWA, EAS, ECP; MB: DAG, PF, MBDB) Please use your own judgment on additional systems that need to be tested for functionality.


**Note: A Visiting contributor “Bruno” adds that all Exchange updates include schema extensions. Although I haven’t ever been on the negative side of a bad Schema extension procedure always be sure to backup your ADDS prior to exchange update process just as a safety precaution.


Post a Comment