Despite of we think the updates as patches, the Exchange 2016 cumulative updates are a complete installation of the messaging application. We can use this CU to install Exchange from scratch or update the Exchange organization.
As the media installation has all files to install a new exchange server, it means that you DON’T need to install the previous CU before install the latest version.
In this scenario, I am going to update from Exchange Cumulative Update 5 to CU 8. Please follow these steps.
- Download the media installation from Microsoft. Be careful; do not download the software from another site. From Microsoft, you will need Exchange CU 8 and .Net Framework 4.7.1.
Cumulative 8 does not implement changes into Active Directory, but CU 7. Therefore, when I execute CU 8 set up, it will make the same changes into Active Directory as CU 7.
- Search for known issues with this Cumulative Update, in some cases Microsoft detect issues with some updates releases and they publish a workaround or fixes to solve the issues. You need to be aware of these cases in order to determine if can be an impact in your organization, in some cases is better wait a little more while Microsoft release those fixes and you are confident to have a reliable version to install. Here you can see a justification to use always Microsoft site to download the installation media.
- Create backups. As the Active Directory will be affected by this installation, you need to have a reliable backup and obviously a backup for all Exchange data bases, in case that you have a DAG (Database Availability Group) configured, you need to check the copy(ies) status.
- The best scenario, is install the Cumulative Update 8 in a test environment before go to production, with this approach you can detect any issue and work proactively solving any inconvenient before install the CU8 in your production servers.
- Document any customization you have made in production, for example sometimes we modify the ecp access, this changes are saved in web.config file located at C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess, if this the case save a copy of the file. Note: DO NOT replace the file; just copy the code where you made the changes.
- Verify your Exchanges certificates are not expired. This is important to avoid loss access to servers and services.
- Verify that you have access to OWA (Outlook Web App) and you can read, send and receive emails, access to shared mailbox (if any), delegates, etc and create a checklist. After the installation, you will check all of these items again to validate that everything is working as expected.
Installing the Cumulative Update 8
At this point you need to be aware of you will have some servers in a new version (CU 8) and others in the current version (Before CU8, in this scenario CU5). It’s Ok, this scenario is considered by Microsoft and everything is working properly, but you need to plan complete all the servers in a reasonable time (Maximum a couple of weeks).
If you have a DAG configured, you will put the server in maintenance mode and it helps to work even on business hours because the databases are mounted in other servers.
In my scenario, I don’t have Edge servers but if you have this role in your environment, should be the first servers in deploy Exchange Cumulative Update 8.
The follow steps, should be executed as they appear in this document.
Perform Active Directory, Domain and Schema changes and updates, remember if you are updating from CU7 to CU8, there are no changes, even though is a process that always Exchange setup will verify. Otherwise, you will find errors like these:
Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnifiedMessagingRoleNotInstalled.aspx
Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.BridgeheadRoleNotInstalled.aspx
Error:
The Active Directory schema isn’t up-to-date, and this user account isn’t a member of the ‘Schema Admins’ and/or ‘Enterprise Admins’ groups.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx
Error:
You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx
Error:
You must use an account that’s a member of the Organization Management role group to install the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx
Error:
Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master. Run setup with the /prepareAD parameter on a computer in the domain root and site RootEU, and wait for replication to complete. See the Exchange setup log for more information on this error.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx
Error:
The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2016, the forest functional level must be at least Windows Server 2003 native.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx
Error:
The Mailbox server role isn’t installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.MailboxRoleNotInstalled.aspx
Error:
Either Active Directory doesn’t exist, or it can’t be contacted.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx
Updating Active Directory, Domain and Schema
For this scenario, you need to install Microsoft .NET Framework 4.7.1 in the same computer that you will execute the follow commands, do remember download the framework from the Microsoft official site.
Make sure that you have the correct permissions assigned (Enterprise Admins and Schema Admins permissions) to execute the follow commands:
NOTE: open a command prompt window with elevated permissions, DO NOT use powershell.
- exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
- exe /PrepareAD /IAcceptExchangeServerLicenseTerms
- exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
When the Schema, Domain and Active Directory changes have been applied and you didn’t get any error message, then you are good to start with the installation process.
Installing Exchange Cumulative Update 8 on Exchange Server 2016
In you have a DAG configured, let’s put the server in maintenance mode.
Open an Exchange Management Shell window.
Move to exchange scripts folder. Write: cd $exscripts
Execute this script:
.\StartDagServerMaintenance.ps1 -serverName <servername> -OverRideMinimumTwoCopies:$true
NOTE: Even when some authors suggest use other commands to put a server in maintenance mode, this is working for me.
Once you can see all databases with healthy status, I suggest as good practice reboot the server to drop all connections from other users and applications opened by other processes or users.
After reboot, let’s open the installation media, and right click to run as administrator the Setup.exe file. In this way, the installation has begun.
The setup process will detect that Exchange is installed and will appears the Upgrade window
Click on Next
Accept the license agreement.
In my case, I got this error:
Error: Setup can’t continue with the upgrade because the PowerShell (40928) has open files.
Open task manager, go to processes or details and finish all PowerShell processes.
Click on Retry
And just sit back and watch the progress.
During this process if you try to do something remote via PowerShell, you will receive this error:
PS C:\> Get-MailboxDatabaseCopyStatus -Server MyServer
Creating a new session for implicit remoting of “Get-MailboxDatabaseCopyStatus” command…
New-PSSession : [MyServer] Connecting to remote server MyServer failed with the following error message :
The connection to the specified remote host was refused. Verify that the WS-Management service is running on
the remote host and configured to listen for requests on the correct port and HTTP URL. For more information,
see the about_Remote_Troubleshooting Help topic.
When step 17 finishes, then reboot the server.
As we put the server in maintenance mode, now we need to stop it.
Open an Exchange Management PowerShell.
Move to Exchange Scripts folder. cd $exScripts
Run the follow command: .\StopDagServerMaintenance.ps1 –serverName <ServerName>
Wait until the Databases have the Mounted status.
Important Notes.
The “Microsoft Exchange Search Service is crawling the database.” Message error.
You will see the follow state in the Content Index: HealthyAndUpgrading
Calm down!!!, is not necessary an error!!!
Remember that we are migrating from Exchange CU5 to CU8, this is a normal process after the installation.
If you run the follow command you will be able to see more details:
Get-MailboxDatabaseCopyStatus | fl
ContentIndexState : HealthyAndUpgrading
ContentIndexErrorMessage : The Microsoft Exchange Search Service is crawling the database.
In my case, I have to wait a couple of days to see the DB’s in healthy status again, but meanwhile they were mounted and working without any issues.
You can verify the progress running the follow command:
Get-MailboxDatabaseCopyStatus -Server MyServer | select name, status, contentindexstate, ContentIndexMailboxesToCrawl
Depending of your server’s capacity and number of mailboxes can be fast or take too long to finish.
if we see an error with the Index DB:
ContentIndexState : Failed
ContentIndexErrorMessage : An internal error occurred for the database or its index.
LastCopyAvailabilityCheckFailedID : DatabaseCheckPassiveCopyTotalQueueLength
LastCopyAvailabilityCheckFailedErrorMsg : Database copy ‘DB001′ on server ‘MyServer’ has a total (copy plus replay) queue length of 32761 logs, which is higher than the maximum allowed queue length of 400.
Give more time and the status will change to HealthyAndUpgrading again.
In summary, the state HealthyAndUpgrading is not really an error and you need to wait a while to see the correct state for Content Index.
If you restart the Exchange Search service, will be all Databases with Failed status and maybe you will be scare about this.
If you already did it, again just sit tight and wait.
Regards – Cheers – phir melenge – Hasta luego
Tony Gonzalez 