Exchange 2010 SP1 installation notes

 

Released date of Exchange 2010 SP1 is on September 2010

The
starting point for SP1 setup/upgrade should be the What’s New in SP1, SP1 Release Notes, and Prerequisites docs. As with any new release, there are some frequently
asked deployment questions, and known issues, or issues reported by some
customers. You may not face these in your environment, but we’re posting these
here along with some workarounds so you’re aware of them as you test and deploy
SP1

Caution:
After
you upgrade to Exchange 2010 SP1, you can’t uninstall the service pack to
revert to Exchange 2010 RTM. If you uninstall Exchange 2010 SP1, you remove
Exchange from the server.

 

  1. 1.  Exchange 2010 SP1
    Prerequisites

Exchange 2010 SP1 requires the installation
of 4-5 hotfixes, depending on the operating system – Windows Server 2008, or
Windows Server 2008 R2. To install the Exchange 2010 SP1 administration tools
on Windows 7 and Windows Vista, you requires 2 hotfixes.

Update 2/11/2011: Windows 2008 R2
SP1
 includes all the required hotfixes listed in this
table — 979744, 983440, 979099, 982867 and 977020. If you’re installing
Exchange 2010 SP1 on a server running Windows 2008 R2 SP1, you don’t need to
install these hotfixes separately. For a complete list of all updates included
in Windows 2008 R2 SP1, see Updates in Win7 and WS08R2 SP1.xls.

  1. 1.     Upgrade order

The order of upgrade from
Exchange 2010 RTM to SP1 hasn’t changed from what was done in Exchange 2007.
Upgrade server roles in the following order:

  1. Client Access server
  2. Hub Transport server
  3. Unified Messaging server
  4. Mailbox server

The Edge Transport server
role can be upgraded at any time; however, we recommend upgrading Edge
Transport either before all other server roles have been upgraded or after all
other server roles have been upgraded. For more details, see Upgrade from Exchange 2010 RTM to
Exchange 2010 SP1
 in the documenation.

Permissions

To perform the following procedures, the account you use must be a
member of the Delegated Setup management role group or the Organization
Management management role group.

To upgrade an Exchange 2010 RTM server that has the Edge Transport
server role installed to Exchange 2010 SP1, the account you use must be a
member of the local Administrators group on that computer.

To upgrade a computer that has only the Exchange management tools
installed, you must log on using an account that’s a member of the local
Administrators group on that computer.

Prepare Active Directory
and Domains

Applies to: Exchange Server 2010 SP1

Topic Last Modified: 2011-01-25

Before you install Microsoft Exchange Server 2010 on any servers
in your organization, you must prepare Active Directory and domains.

For information about preparing your domains with legacy Exchange
permissions, see Prepare
Legacy Exchange 2003 Permissions
.

Prerequisites

  • The computers on which you plan to
    install Exchange 2010 must meet the system requirements. For details, see Exchange 2010 System Requirements.
  • Your domains and the domain
    controllers must meet the system requirements in “Network and
    Directory Servers” in Exchange 2010 System Requirements.
  • In each domain in which you
    install Exchange 2010, you must have at least one domain controller
    running any of the following:
  • Windows Server 2003
    Standard Edition with Service Pack 1 (SP1) or later (32-bit or 64-bit)
  • Windows Server 2003 Enterprise
    Edition with SP1 or later (32-bit or 64-bit)
  • Windows Server 2008
    Standard or Enterprise (32-bit or 64-bit)
  • Windows Server 2008 R2
    Standard or Enterprise
  • Run the /Prepare* commands
    from an Active Directory site with an Active Directory server from every
    domain.
  • Run the first server role
    installation or Exchange 2010 service pack upgrade from an Active Directory
    site with a writeable global catalog server from every domain.
  • Verify that replication of
    objects from the preceding actions is completed on the global catalog server in
    the Active Directory site before installing the first Exchange 2010 server (or
    SP1 upgrade) to that site.
  • Windows Server 2003
    Standard Edition with SP1 or later (32-bit or 64-bit)
  • Windows Server 2003
    Enterprise Edition with SP1 or later (32-bit or 64-bit)
  • Windows Server 2008
    Standard or Enterprise (32-bit or 64-bit)
  • Windows Server 2008 R2
    Standard or Enterprise
  • For multiple domain organizations
    running the following /Prepare* commands, we recommend the following:
  • If you’re running the release to
    manufacturing (RTM) version of Exchange 2010 Setup.com, in each domain
    (including child domains) where you have the Exchange Enterprise Servers
    and Exchange Domains Servers security groups (and therefore must run Setup
    /PrepareLegacyExchangePermissions
    ), you must have at least one domain
    controller running any of the following:
  • If you run the Exchange 2010 Setup
    wizard with an account that has the permissions required (Schema Admins,
    Domain Admins, and Enterprise Admins) to prepare Active Directory and the
    domain, the wizard will automatically prepare Active Directory and the
    domain. For more information, see Install Exchange Server 2010.
    However, if you’re deploying a new Exchange organization, and you’re
    preparing your Active Directory schema and domains using a computer
    running Windows Server 2008, you must first install the Active Directory
    management tools on the Windows Server 2008 computer prior to preparing
    the schema or domains. To do this, run the following command.

 

Copy Code

ServerManagerCmd -i RSAT-ADDS

Prepare
Active Directory and domains

To track the progress of Active Directory replication, you can use
the Active Directory Replication Monitor tool (replmon.exe), which is installed
as part of the Windows Server 2003 Support Tools Setup. By default, it’s
located at %programfiles%\support tools\. Add your domain controllers as
monitored servers so that you can track the progress of replication throughout
the domain.

  1. If you have any computers
    in your organization running Microsoft Exchange Server 2003, open a Command
    Prompt window, and then run one of the following commands:
  • To prepare legacy Exchange
    permissions in every domain in the forest that contains the Exchange Enterprise
    Servers and Exchange Domain Servers groups, run the following command.

    setup /PrepareLegacyExchangePermissions or setup /pl

  • To prepare legacy Exchange
    permissions in a specific domain, run the following command.

    setup /PrepareLegacyExchangePermissions:<FQDN of domain you want
    to prepare
    > or setup /pl:<FQDN of domain you want to
    prepare
    >

Note:

You can
skip this step and prepare the legacy Exchange permissions as part of Step 2
or Step 3. The advantages of running each step separately are that you can
run each step with an account that has the minimum permissions required for
that step, and you can verify completion, success, and replication before
continuing to the next step.
  1. Note the following:
  • To run this command to
    prepare every domain in the forest, you must be a member of the Enterprise
    Admins group. To run this command to prepare a specific domain, or if the
    forest has only one domain, you must be delegated the Exchange Organization
    Management role, and you must be a member of the Domain Admins group in the
    domain that you will prepare.
  • If you don’t specify a
    domain, the domain in which you run this command must be able to contact all
    domains in the forest. If the server can’t contact a domain that must have
    legacy Exchange permissions prepared, it prepares the domains that it can
    contact, and then returns an error message that it was unable to contact some
    domains.
  • You can run this command
    from any Windows Server 2008 server in the forest.
  • You must run this command
    on a computer in the same domain and in the same Active Directory site as the
    schema master. Setup will make all configuration changes to the schema master
    to avoid conflicts because of replication latency. For more information, see Identify the schema master.
  • After you run this command,
    you must wait for the permissions to replicate across your Exchange
    organization before continuing to the next step. If the permissions haven’t
    replicated, the Recipient Update Service on your Exchange 2003 computers could
    fail. The amount of time that replication takes depends on your Active
    Directory site topology.
  • For detailed information
    about the permissions set by this command, see Prepare Legacy Exchange 2003 Permissions.
  1. From a Command Prompt
    window, run the following command.

    setup /PrepareSchema or setup /ps

Note:

You can
skip this step and prepare the schema as part of Step 3.

Important:

Don’t
run this command in a forest in which you don’t plan to run setup
/PrepareAD
. If you do, the forest will be configured incorrectly, and you
won’t be able to read some attributes on user objects.

Note:

It
isn’t supported to use the LDIF Directory Exchange tool (LDIFDE) to manually
import the Exchange 2010 schema changes. You must use Setup to update the
schema.
  1. This command performs the
    following tasks:
  • Connects to the schema
    master and imports LDAP Data Interchange Format (LDIF) files to update the
    schema with Exchange 2010 specific attributes. The LDIF files are copied to the
    Temp directory, and then deleted after they are imported into the schema.

Note the following:

  • To run this command, you
    must be a member of the Schema Admins group and the Enterprise Admins group.
  • You must run this command
    on a 64-bit computer in the same domain and in the same Active Directory site
    as the schema master.
  • If you haven’t completed
    Step 1, setup /PrepareSchema will automatically perform the PrepareLegacyExchangePermissions
    step. To complete the PrepareLegacyExchangePermissions step, the domain
    in which you run this command must be able to contact all domains in the
    forest. The advantages of running each step separately are that you can run
    each step with an account that has the minimum permissions required for that
    step, and you can verify completion, success, and replication before continuing
    to the next step.
  • If you use the /DomainController
    parameter with this command, you must specify the domain controller that is the
    schema master.
  • After you run this command,
    you should wait for the changes to replicate across your Exchange organization
    before continuing to the next step. The amount of time this takes is dependent
    upon your Active Directory site topology.
  • For more information, see Exchange Server Changes to the Active Directory Schema.
  1. From a Command Prompt
    window, run the following command.

    setup /PrepareAD [/OrganizationName:<organization name>]
    or setup /p [/on:<organization name>]

    This command performs the following tasks:

  • If the Microsoft Exchange container
    doesn’t exist, this command creates it under
    CN=Services,CN=Configuration,DC=<root domain>.
  • If no Exchange organization
    container exists under CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain >, you must
    specify an organization name using the /OrganizationName parameter. The
    organization container will be created with the name that you specify.

    The Exchange organization name can contain only the following characters:

    A through Z

    a through z

    0 through 9

    Space (not leading or trailing)

    Hyphen or dash

    The organization name can’t contain more than 64 characters. The organization
    name can’t be blank. If the organization name contains spaces, you must enclose
    the name in quotation marks (“).

  • Verifies that the schema
    has been updated and that the organization is up to date by checking the objectVersion
    property in Active Directory. The objectVersion property is in the
    CN=<your organization>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<domain> container. The objectVersion
    value for Exchange 2010 RTM is 12640. The objectVersion value for
    Exchange 2010 SP1 is 13214.
  • If the containers don’t
    exist, creates the following containers and objects under CN=<Organization
    Name
    >,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root
    domain
    >, which are required for Exchange 2010:

    CN=Address Lists Container,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=Addressing,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=Administrative Groups,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=Client Access,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=Connections,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=ELC Folders,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=ELC Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root
    domain
    >

    CN=Global Settings,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=Mobile Mailbox Policies,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=Recipient Policies,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=System Policies,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=Transport Settings,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=UM AutoAttendant,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=UM DialPlan,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=UM IPGateway,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

    CN=UM Mailbox Policies,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>

  • If it doesn’t exist,
    creates the default Accepted Domains entry, based on the forest root namespace,
    under CN=Transport Settings,CN=<Organization Name>,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain>.
  • Assigns specific
    permissions throughout the configuration partition.
  • Imports the Rights.ldf
    file. This adds the extended rights required for Exchange to install into
    Active Directory.
  • Creates the Microsoft
    Exchange Security Groups organizational unit (OU) in the root domain of the
    forest and assigns specific permissions on this OU.
  • Creates the following
    management role groups within the Microsoft Exchange Security Groups OU:

    Exchange Organization Management

    Exchange Recipient Management

    Exchange Server Management

    Exchange View-Only Organization Management

    Exchange Public Folder Management

    Exchange UM Management

    Exchange Hygiene Management

    Exchange Records Management

    Exchange Discovery Management

    Exchange Delegated Setup

  • Adds the new universal
    security groups (USGs) that are within the Microsoft Exchange Security Groups
    OU to the otherWellKnownObjects attribute stored on the CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=<root domain> container.
  • Creates the Unified
    Messaging Voice Originator contact in the Microsoft Exchange System Objects
    container of the root domain.
  • Prepares the local domain
    for Exchange 2010. For information about what tasks are completed to prepare a
    domain, see Step 4.

Note the following:

  • To run this command, you
    must be a member of the Enterprise Admins group.
  • The computer where you run
    this command must be able to contact all domains in the forest on port 389.
  • You must run this command
    on a computer in the same domain and in the same Active Directory site as the
    schema master. Setup will make all configuration changes to the schema master
    to avoid conflicts because of replication latency.
  • If you haven’t completed
    Step 1, setup /PrepareAD will automatically perform the PrepareLegacyExchangePermissions
    step. To complete the PrepareLegacyExchangePermissions step, the domain
    in which you run this command must be able to contact all domains in the
    forest. If you’re also a member of the Schema Admins group, and if you haven’t
    completed Step 2, setup /PrepareAD will automatically perform the
    PrepareSchema step. The advantages of running each step separately are that you
    can run each step with an account that has the minimum permissions required for
    that step, and you can verify completion, success, and replication before
    continuing to the next step.
  • After you run this command,
    you should wait for the changes to replicate across your Exchange organization
    before continuing to the next step. The amount of time this takes is dependent
    upon your Active Directory site topology.
  • To verify that this step
    completed successfully, make sure that there is a new OU in the root domain
    called Microsoft Exchange Security Groups. This OU should contain the
    following new Exchange USGs:

    Exchange Security Groups OU:

    Exchange Organization Management

    Exchange Recipient Management

    Exchange Server Management

    Exchange View-Only Organization Management

    Exchange Public Folder Management

    Exchange UM Management

    Exchange Hygiene Management

    Exchange Records Management

    Exchange Discovery Management

    Exchange Delegated Setup

    ExchangeLegacyInterop

  1. From a Command Prompt
    window, run one of the following commands:
  • Run setup /PrepareDomain
    or setup /pd to prepare the local domain. You don’t need to run this in
    the domain where you ran Step 3. Running setup /PrepareAD prepares the
    local domain.
  • Run setup
    /PrepareDomain:
    <FQDN of domain you want to prepare> to prepare
    a specific domain.
  • Run setup
    /PrepareAllDomains
    or setup /pad to prepare all domains in your
    organization.

These commands perform the following tasks:

  • If this is a new
    organization, creates the Microsoft Exchange System Objects container in the
    root domain partition in Active Directory and sets permissions on this
    container for the Exchange Servers, Exchange Organization Administrators, and
    Authenticated Users groups. This container is used to store public folder proxy
    objects and Exchange-related system objects, such as the mailbox database’s
    mailbox.
  • Sets the objectVersion
    property in the Microsoft Exchange System Objects container under DC=<root
    domain
    >. This objectVersion property contains the version of
    domain preparation. The version for Exchange 2010 RTM is 12640. The version for
    Exchange 2010 RTM is 13040.
  • Creates a domain global
    group in the current domain called Exchange Install Domain Servers. The command
    places this group in the Microsoft Exchange System Objects container. It also
    adds the Exchange Install Domain Servers group to the Exchange Servers USG in
    the root domain.

Note:

The
Exchange Install Domain Servers group is used if you install Exchange 2010 in
a child domain that is an Active Directory site other than the root domain.
The creation of this group allows you to avoid installation errors if group
memberships haven’t replicated to the child domain.
  • Assigns permissions at the
    domain level for the Exchange Servers USG and the Exchange Recipient
    Administrators USG.

Note the following:

  • To run setup
    /PrepareAllDomains
    , you must be a member of the Enterprise Admins group.
  • To run setup
    /PrepareDomain
    , if the domain that you’re preparing existed before you ran setup
    /PrepareAD
    , you must be a member of the Domain Admins group in the domain.
    If the domain that you’re preparing was created after you ran setup
    /PrepareAD
    , you must be a member of the Exchange Organization
    Administrators group, and you must be a member of the Domain Admins group in
    the domain.
  • For domains in an Active
    Directory site other than the root domain, /PrepareDomain might fail
    with the following messages:

    “PrepareDomain for domain <YourDomain> has partially
    completed. Because of the Active Directory site configuration, you must wait at
    least 15 minutes for replication to occur, and run PrepareDomain for <YourDomain>
    again.”

    “Active Directory operation failed on <YourServer>. This
    error is not retriable. Additional information: The specified group type is
    invalid.

    Active Directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003
    (WILL_NOT_PERFORM), data 0

    The server cannot handle directory requests.”

    If you see these messages, wait for or force Active Directory replication between
    this domain and the root domain, and then run /PrepareDomain again.

  • You must run this command
    in every domain in which you will install Exchange 2010. You must also run this
    command in every domain that will contain mail-enabled users, even if the domain
    doesn’t have Exchange 2010 installed.

To verify that this step completed successfully, confirm the
following:

  • You have a new global group
    in the Microsoft Exchange System Objects container called Exchange Install
    Domain Servers.

Note:

To view
the Microsoft Exchange System Objects container in Active Directory Users and
Computers, on the View menu, click Advanced Features.
  • The Exchange Install Domain
    Servers group is a member of the Exchange Servers USG in the root domain.
  • On each domain controller
    in a domain in which you will install Exchange 2010, the Exchange Servers USG
    has permissions on the Domain Controller Security Policy\Local Policies\User
    Rights Assignment\Manage Auditing and Security Log policy.

 

 

 

Upgrade database availability group members

When upgrading a database availability group (DAG) member to
Exchange 2010 SP1, you need to consider and plan for some specific issues.
Before upgrading any DAG members to Exchange 2010 SP1, consider the following:

  • Upgrade only passive servers
    Before applying Exchange 2010 SP1 to a DAG member, move all active mailbox
    database copies off the server to be upgraded and configure the server to
    be blocked from activation. If the server to be upgraded currently holds
    the primary Active Manager role, move the role to another DAG member prior
    to performing the upgrade. You can determine which DAG member holds the
    primary Active Manager role by running Get-DatabaseAvailabilityGroup
    -Status | Format-List PrimaryActiveManager.
  • Place server in maintenance mode
    Before applying Exchange 2010 SP1 to any DAG member, you may want to
    adjust monitoring applications that are in use so that the server doesn’t
    generate alerts or alarms during the upgrade. For example, if you’re using
    Microsoft System Center Operations Manager 2007 to monitor your DAG
    members, you should put the DAG member to be upgraded in maintenance mode
    prior to performing the upgrade.
  • Stop any processes that might
    interfere with the upgrade
    Stop any
    scheduled tasks or other processes running on the DAG member or within
    that DAG that could adversely affect the DAG member being upgraded or the
    upgrade process.
  • Verify the DAG is healthy
    Before applying Exchange 2010 SP1 to any DAG member, we recommend that you
    verify the health of the DAG and its mailbox database copies. A healthy
    DAG will pass MAPI connectivity tests to all active databases in the DAG,
    will have mailbox database copies with a copy queue length and replay
    queue length that’s very low, if not 0, as well as a copy status and
    content index state of Healthy.
  • Be aware of other implications of
    the upgrade
    A DAG member running the RTM
    version of Exchange 2010 can move its active databases to a DAG member
    running Exchange 2010 SP1, but not the reverse. After a DAG member has
    been upgraded to Exchange 2010 SP1, its active database copies can’t be
    moved to another DAG member running the RTM version.
Advertisements