The first step is to remove the server that is about to be updated from the Network Load Balancing (NLB) cluster.

There are two ways to take a CAS array member our of the NLB cluster:

  • Issue a Stop command to the server
  • Issue a Drainstop command to the server

The difference between the two is that Stop will immediately stop the server regardless of who is currently connected to it, while Drainstop will put the server in a state where it will not accept new connections but will continue serving existing connections until they disconnect.

For urgent updates a Stop command may be necessary, but for planned maintenance a Drainstop has the least potential impact on active client connections to the CAS array.

To issue a Drainstop launch Network Load Balancing Manager, right-click on the desired server, choose Control Host and then Drainstop.

 

 

When the server has no more active connections it will be in a stopped state.

 

 

Right click the server and choose Properties. Set the default state of the server to Stopped. This will prevent it from automatically starting and accepting client connections after any reboots that the updates require, to allow you time to verify the updates were successful first before rejoining the NLB cluster

 

Stop Conflicting Services

 

The Client Access Server role is often installed on the same server as the Hub Transport server role, even when deployed as a CAS array.

 

Hub Transport servers often run additional applications such as antivirus and anti-spam software that hooks into the Exchange Server services. These can cause conflicts with Exchange Server updates, for example if a third party application tries to automatically restart a service that it depends on that has been stopped by the update process.

 

Forefront is one example of this, so for servers running Forefront Protection for Exchange those services can be stopped using FSUtility.

 

C:\> fsutility /disable

 

Disabling Monitoring

 

If the CAS array members are monitored using SCOM or another system this should also be disabled, or placed into maintenance mode before the update is performed. This prevents unnecessary alarms in the monitoring system due to stopped services or server restarts, and also prevents the monitoring agent from trying to perform any automatic remediation such as restarting services.

 

Backing Up the Server

 

Some organizations will require an ad-hoc backup be run of at least one CAS array member before updates are applied. Others will be happy to rely on the latest scheduled backup instead. And some will even be satisfied that multiple CAS array members exist and so if a bad update puts one of them out of action there is no outage to end users, and the server can simply be manually reinstalled.

 

Updating the Server

 

Install the update following the procedure for that update type.

 

Update rollups come in the form of a .MSP file (Windows Installer Patch) that is applied to the server. Simply double-click the file or launch it from a command line window.

 

Service packs are a complete reissue of the Exchange Server setup files and are installed by running setup in upgrade mode, which can be run in either graphical or command line mode.

 

C:\> setup /m:upgrade

 

Both update rollups and service packs can take some time to install, so plan a large window of time for these updates.

 

Verifying the Update

 

After the update has completed, and if necessary the server rebooted, you should check the server’s health before placing it back into production in the CAS array.

 

Event Logs – look for error or warning events that have started since the update was applied.

 

Setup Logs – service packs write a complete setup log file to C:\ExchangeSetupLogs

 

Services – check the Exchange services are running (or at least those that you expect to be running, some such as IMAP and POP will be stopped if you have not explicitly enabled them)

 

[PS] C:\>get-service *exchange*

 

 

 

Status   Name               DisplayName

 

——   —-               ———–

 

Running  MSExchangeAB       Microsoft Exchange Address Book

 

Running  MSExchangeADTop… Microsoft Exchange Active Directory…

 

Running  MSExchangeAntis… Microsoft Exchange Anti-spam Update

 

Running  MSExchangeEdgeSync Microsoft Exchange EdgeSync

 

Running  MSExchangeFBA      Microsoft Exchange Forms-Based Auth…

 

Running  MSExchangeFDS      Microsoft Exchange File Distribution

 

Stopped  MSExchangeImap4    Microsoft Exchange IMAP4

 

Running  MSExchangeMailb… Microsoft Exchange Mailbox Replication

 

Stopped  MSExchangeMonit… Microsoft Exchange Monitoring

 

Stopped  MSExchangePop3     Microsoft Exchange POP3

 

Running  MSExchangeProte… Microsoft Exchange Protected Servic…

 

Running  MSExchangeRPC      Microsoft Exchange RPC Client Access

 

Running  MSExchangeServi… Microsoft Exchange Service Host

 

Running  MSExchangeTrans… Microsoft Exchange Transport

 

Running  MSExchangeTrans… Microsoft Exchange Transport Log Se…

 

Stopped  msftesql-Exchange  Microsoft Search  (Exchange)

 

Running  vmickvpexchange    Hyper-V Data Exchange Service

 

Returning the Server to Production

 

If the update was successful and the server healthy then it can be placed back into production.

 

Re-enable services such as Forefront Protection for Exchange.

 

C:\> fsutility /enable

 

Start the server in the NLB cluster.

 

 

Advertisements