Installing Exchange 2010 SP2


By now you’ll have read the news that Microsoft has released Service Pack 2 (SP2) for Exchange 2010. If not, you can read my article on WindowsITPro.com and then go and fetch the necessary bits from the Microsoft Download Center.

Installing SP2 is a relatively straightforward affair and Exchange 2010 SP1 and SP2 servers can co-exist peacefully alongside each other for as long as it takes to roll out SP2. However, it is best practice to run a consistent software level across an entire Exchange organization so it’s best to schedule the updates to occur as quickly as possible. Of course, don’t do this until after you’re happy that SP2 meets your needs and requirements and has been tested in your own environment.

The biggest hindrance in the update process for most people is likely to be the requirement to schedule the prerequisite Active Directory schema update, which is required to support new features such as Address Book Policies (ABPs). Once the schema has been updated and replicated throughout the Active Directory forest, you should be able to upgrade Exchange 2010 SP1 servers following the normal order of CAS-Hub Transport-Mailbox servers (Edge servers can be updated first or last, UM servers should be updated before mailbox servers). CAS servers in Internet-facing sites are usually the first candidates for upgrade and this is especially so in Exchange 2010 SP2 if you plan to run a hybrid on-premises/Office 365 configuration. Those who run  multi-role Exchange 2010 servers can simply start to upgrade servers…

Updates are performed from the command line with the SETUP program or by running the normal Exchange 2010 installation program. If you run SETUP, you’ll probably run the command SETUP /m:upgrade /InstallWindowsComponents to apply the upgrade and to install any Windows components that might be missing on a server.

SP2 update fails because IIS6 WMI Compatibility component is required

If you use the GUI version of the installation program to install SP2, you might encounter the error shown above when you attempt to upgrade Exchange 2010 SP1 CAS servers. This is because SP2 introduces a new requirement for CAS servers to have the IIS6 WMI Compatibility role. The Exchange installation program is able to detect the lack of prerequisite software on a server and offer to install the missing pieces for you but it can only do this for new installations as the code doesn’t cover the situation where a service pack or other upgrade introduces the need for a new component. As you’ll already have noted from the command-line example described above, the same limitation doesn’t exist for SETUP.

For those who like to script server updates, you can use PowerShell to run these commands to ensure that the correct prerequisite software is installed for Exchange 2010 SP2 (the change from previous versions is the addition of the Web-WMI component):

Import-Module ServerManager

Add-WindowsFeature NET-Framework, RSAT-ADDS, Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-Metabase, Web-Net-Ext, Web-Lgcy-Mgmt-Console, WAS-Process-Model, RSAT-Web-Server, Web-ISAPI-Ext, Web-Digest-Auth, Web-Dyn-Compression, NET-HTTP-Activation, RPC-Over-HTTP-Proxy, Web-WMI –Restart

For mailbox servers that are members of a Database Availability Group, remember that Exchange includes a script called StartDagServerMaintenance.ps1 that is designed to prepare a DAG server member for maintenance, such as installing a service pack. This script:

  1. Runs the Suspend-MailboxDatabaseCopy cmdlet for each database copy hosted on the DAG member to block replication and replay activity.
  2. Pauses the node in the cluster. This prevents the server taking on the role of the Primary Active Manager (PAM) for the DAG
  3. Sets the value of the DatabaseCopyAutoActivationPolicy parameter on the DAG member to “Blocked“. This step prevents the PAM attempting to automatically activate any of the database copies that are present on the server.
  4. Moves all the active databases that are currently hosted on the DAG member to other DAG members. Assuming that there are DAG members available to accept the workload, clients should be automatically transferred to the new locations by the RPC Client Access Layer.

Like all the other scripts included in the Exchange kit, you can find this one in the location \Program Files\Microsoft\Exchange Server\V14\Scripts. You’ll also find its companion script that’s designed to bring a DAG member back online after maintenance is complete, StopDagServerMaintenance.ps1, in the same location. This script does the following:

  1. Runs the Resume-MailboxDatabaseCopy cmdlet for each database copy hosted on the DAG member to allow the server to fully participate in database replication and replay.
  2. Resumes the node in the cluster to enable full cluster functionality for the DAG member
  3. Sets the value of the DatabaseCopyAutoActivationPolicy parameter on the DAG member to be “Unrestricted“. The PAM is then able to automatically activate database copies on the DAG member.

Note that workload is not automatically transferred back to the newly reenabled DAG member. You will have to either perform a manual switchover of databases to make them active on the DAG member or rely on the update of another DAG member to transfer databases and balance workload across the DAG. Inevitably, you will end up switching some databases around once all the servers have been upgraded to SP2.

As an example, here’s how we would run the scripts to work with a server called ExServer1 during maintenance.

1. Navigate to the scripts directory (or do one of the tricks to get the scripts directory in your search order for PowerShell).

2. Run the script to prepare a DAG server member for maintenance.

.\StartDagServerMaintenance -ServerName "EXSERVER1"

3. When maintenance is done, run the other script to bring the server back online within the DAG.

.\StopDagServerMaintenance -ServerName "EXSERVER1"

All in all, your upgrade to SP2 should proceed reasonably smoothly and with a minimum of fuss. Microsoft has invested lots of time into making it all flow nicely and you’ll appreciate their work after the upgrade is complete.

- Tony

About these ads

About Tony Redmond ("Thoughts of an Idle Mind")

Exchange MVP, author, and rugby referee
This entry was posted in Active Directory, Email, Exchange, Exchange 2010, Office 365 and tagged , , , , . Bookmark the permalink.

62 Responses to Installing Exchange 2010 SP2

  1. Hi Tony,

    I’d recommend to add the Telnet-Client feature too while you’re installing the required Windows components with PowerShell. Telnet is not required to install Exchange but it’s the first troubleshooting tool people need when something’s not working.

    Cheers,

    Jetze

  2. Mike Koch says:

    I’ve downloaded and unpacked SP2, and I’m looking for that schema update. Is that a separate process, or is it integrated into the SP2 installation? I’d like to run that first, let it propagate out to the other domain controllers, and then install SP2.

  3. Pingback: Exchange Server 2010 Service Pack (SP2) is released! - Neil Johnson - a rock 'n roll nerd.... - Site Home - TechNet Blogs

  4. info-overload says:

    Any advice on installing SP2 on SBS2011?

  5. Peter Vogl says:

    Any comment on Forefront Protection for Exchange in relation to SP2 installation? I presume that it needs to be disabled before setup starts (which stops all Exchange services).

  6. Dave Lewis says:

    Hosting mode in SP2 is still very unclear. MS is suggesting to not use the hosting switch anymore instead “creation of logical organizations is something the admins has to do by combining things like ABP’s, together with OU separation, changing ACL’s on the OAB folders, maybe creating transport rules and changing default calendar permissions etc. The guidance document outlines the things you need to consider when configuring a product that is single tenant by design, to behave in a multi-tenant way.” Are they trying to push towards development of 3rd party control panels or just another way to dominate the hosted world with 365?

  7. Billy Bruemmer says:

    Tony, do you have to run the SETUP /m:upgrade /InstallWindowsComponents command and active directory schema update if you ran them both before installing service pack one??

    • You do have to apply an additional schema update before you can install SP2. The schema has been updated between SP1 and SP2 to accommodate new features such as Address Book Policies. You might have all the necessary Windows components installed on mailbox and HT servers but the CAS servers need an additional component. I would run Setup to update the schema and then run Setup /m:Upgrade on individual servers.
      TR

  8. Pingback: Check list before installing Exchange 2010 SP2 | Exchangepro.dk

  9. Hi Tony, I found your post very informative. One thing though, I’ve not been able to find any where on the web on how long should the update take. In particular, the mailbox servers. Is it in-depended of the database sizes and are updates only for the binaries.

  10. Jeff says:

    Is Service Pack 2 for Server 2008 a prerequisite before you install SP2 for Exchange 2010? All roles are contained on 1 server but we have not upgraded that to SP2 for 2008 as of yet. I tried to install SP2 for Exchange 2010 this morning but it bailed at the Client Access Role portion 41 minutes into the upgrade

  11. Terence says:

    On a server running multiple roles e.g. CAS, Mailbox and Hub transport role on one server…. i just run setup once and the service pack updates all roles correct?

  12. Ravi says:

    I applied SP2 and now none of the clients are able to connect to the exchange server. The message says Cannot open the outlook window. The set of folders cannot be opened. Microsoft exchange is not available.

    But the service is running. What gives?

  13. Ravi says:

    I think I have many issues going on at the same time. Perhaps there is a single reason, I don’t know. One issue is Outlook is not connecting to the server. Another is that as administrator I am unable to add a new mailbox. It complains that I do not have sufficient permissions in DC. In EMC, right-click and specify the DC. Then go to tools-> best practices analyzer. Connect to AD. Now there is new screen which is for specifying the scope and I see it says the scope is for two servers. One is Exchange Administrative Group ->ServerA.(ServerA is where the exchange is installed)
    The second is First Administrative Group->ServerB. Problem is Server B was in service as DC when the Exchange was installed in SerevrA but has been decommissioned.It doesn’t exist. I am beginning to think all of my problems are here. The question is what to do now? Why is ServerB coming into picture even when I told it to use current DC?
    -Ravi

    • Ravi,

      This really sounds like your installation is screwed up. The fact that Exchange reports that you don’t have sufficient permission to add a mailbox indicates that EMC and RBAC have concluded that you don’t have membership of the Organization Management or Recipient Management role group. Are you running EMC (or EMS) with the same account as you used to install Exchange?

      If Server B shows up in the organization after it was removed, it may just be that it’s listed in Exchange’s configuration because you removed it from service without running Setup to deinstall Exchange. If necessary, you can remove the server with ADSIEdit.

      TR

      • Ravi says:

        Hi Tony,
        I have used only one account, domain admin account while installing Exchange2010 and also while running EMC or EMS. At this point should I even consider re-installing exchange2010 after making a backup of everyone’s mailbox?
        On a separate note, I am able to connect to my mail via OWA but not Outlook. Would you be able to help me to straighten this out? Its the same issue with rest of the users in my group.

        -Ravi

      • Sorry, I don’t do online consulting, mostly because I think there’s too much potential to make mistakes. I suggest that you log a support call with Microsoft and have them get you out of the mess that you’re in.

        TR

  14. Kevin Yeung says:

    Tony,

    Our CAS and mailbox servers have interim update for RU4 installed and our most updated RU level is RU4. Should the interim update for RU4 be uninstalled first before the SP2 is installed?

    Thanks,
    Kevin

  15. Chris James says:

    We haven’t yet upgraded from our relative ‘base’ install to SP1 prior to this. Are there any known issues in going directly from the base to SP2?

  16. Rashid says:

    We are trying to send email with in the same doamin but through some application when we send email through that program it rejects the email based on scl…. if I remove the check from scl… in exchange then We can receive the email from specific email account which is configured in that application..

    Any idea to sort out this problem……..

    Regards,

    Rashid

  17. Rashid says:

    while sending email to another domain that domain rejects the email with below error:

    *****@tawuniya.com.sa
    SMTP error from remote mail server after MAIL FROM: SIZE=22579:
    host mail4.tawuniya.com.sa [86.51.7.156]: 554 Message is Rejected by RBL

    why it shows riqbal@eigbox.net………………. ?
    and one time it accepts the email now that domain not accepting email from our domain…..

    Kindly advise.
    Regards,

    Rashid Iqbal

  18. Rashid says:

    Currently we have one main database for all the mail boxes, I am thinking that why not I make three databases,
    one for managements.
    second for managers
    third for users.

    is it possible that I import and export from existing database to new database…….. without any lose of emails………

    regards,

    rashid

  19. Tin says:

    Hi All,

    I’ve tried to upgrade my Exchange server 2010 to my Exchange server 2010 SP2. Actually I forgot to prepare Active Directory and domains. Then upgrading halt at Hub Transport Role 45% and recovery also halting at the same place. Now Exchange Management Console is giving “The attempt to connect to http://exchange.domain.com/PowerShell using “Kerberos” authentication failed.” and Exchange Management Shell also unable to connect exchange server. I would be much appreciated if you all can help my issue.

    • I think this is a situation where you need to contact Microsoft support and have them help you through the recovery process. There is a way to remove the “watermark” from the system registry to force Exchange to begin an installation from scratch but I think that it’s best to involve support and get their help as you fix the server.

      TR

  20. Shabbir says:

    Hi TR,

    We have Exchange 2010 (without any SP) installed on Win Server 2008 R2 Entp (SP1).

    Exchange 2010 is configured as DAG (two databases on two different servers).

    What should be the best practice or steps to install Exchange SP2?

    Thanks
    Shabbir

  21. Garrett says:

    I run the StartDAG scripts and after a few minutes, I am returned to another prompt. I assume the script worked, but how can I be certain. There wasn’t any logging that I can tell. I’ve got to service pack 6 servers, testing with our disaster recovery servers first. Thanks.

    • Is the DAG active? Are databases (active and passive) mounted?

      TR

      • Garrett says:

        Yes, the DAG is active and databases are mounted. If I attempt to run the script from a remote server using -WhatIF, I get:

        [PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>.\StartDagServerMaintenance.ps1 -ServerName DR-EXDATA1 -whatif
        whatif: Set-MailboxServer -Identity BLOCKEDOUT -DatabaseCopyAutoActivationPolicy:Blocked
        Whatif: Suspend-MailboxDatabaseCopy `”BLOCKEDOUT`” -ActivationOnly -Confirm:False -SuspendComment `”Suspen
        ded ActivationOnly by StartDagServerMaintenance.ps1 at 2012-04-24T10:45:05`”
        [PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>

        I don’t see where the database move would be. When I run the script without the whatif, it runs for a few seconds and then returns to the prompt. I know the database copy isn’t suspended as it doesn’t list it that way in EMC.

        If you can think of anything else that might be an issue, thanks. If not, I’ll open an incident with Microsoft so that I can get things moving.

        Thanks Tony.

      • It doesn’t matter that you’re running the script from a remote server. Everything is executed via Remote PowerShell anyway.

        Look at what the commands are doing. You’re running with -WhatIf so Exchange is showing you what will happen.

        First, it sets the policy for the server DR-EXDATA1 to prevent any databases being activated automatically by Active Manager.
        Next, it suspends activation of the database copies to make sure that an administrator doesn’t activate them.

        These steps prepares the database copies on the DAG member DR-EXDATA1 to allow you to then take the server offline. You check the effects by running the Get-MailboxDatabaseCopy cmdlet to view the properties of the database copies.

        There doesn’t seem to be any active database copies on this server. As per http://technet.microsoft.com/en-us/library/ff625233.aspx, if there were active copies, I’d expect to see them being moved. See http://www.mikepfeiffer.net/2010/08/performing-maintenance-on-dag-members-in-exchange-2010-sp1/ for a write-up on the script. Or just refer to http://technet.microsoft.com/en-us/library/dd298065.aspx, which says:

        Specifically, the StartDagServerMaintenance.ps1 script performs the following tasks:

        Runs Suspend-MailboxDatabaseCopy with the ActivationOnly parameter to suspend each database copy hosted on the DAG member for activation.
        Pauses the node in the cluster, which prevents the node from being and becoming the PAM.
        Sets the value of the DatabaseCopyAutoActivationPolicy parameter on the DAG member to Blocked.
        Moves all active databases currently hosted on the DAG member to other DAG members.
        If the DAG member currently owns the default cluster group, the script moves the default cluster group (and therefore the PAM role) to another DAG member.

  22. Rudi Delport says:

    Hi, I am installing Exchange 2010 SP2 on a server that has management tools installed. It has already been installed on all other roles in the Exchange 2010 organization. The setup fails with the last 2 steps saying it was unable to reconnect to a specified DC, however that DC is online. Any ideas?

    • Have a look in the setup log to see the exact error. It might give you some clues… look in the \ExchangeSetupLogs directory.

      • Rudi Delport says:

        Hi Tony,

        The setup log gives the same info as the error I see in the GUI. See extract from setup log that incliudes the error:

        [06/25/2012 11:46:39.0126] [1] 0. ErrorRecord: Provisioning layer initialization failed: ‘Failed to reconnect to Active Directory server .com. Make sure the server is available, and that you have used the correct credentials.’

        [06/25/2012 11:46:39.0142] [1] Setup is stopping now because of one or more critical errors.
        [06/25/2012 11:46:39.0142] [1] Finished executing component tasks.
        [06/25/2012 11:46:39.0282] [1] Ending processing Install-AdminToolsRole
        [06/25/2012 11:47:30.0172] [0] End of Setup
        [06/25/2012 11:47:30.0172] [0] **********************************************

      • Are you installing Exchange with an administrator account – something that can add an object to Active Directory? If the DC is online, it’s probably a permissions issue. I’d run the install using “Run As Administrator” with a suitably permissioned account.

        “Make sure the server is available, and that you have used the correct credentials.”

        TR

      • Rudi Delport says:

        The account I am using, is the same account that was used to upgrade the rest of the Exchange org, which worked fine. I tried running it by using Run as Administrator and that seemed to have worked. Thanks for the help.

        On a side note, could you please remove my previous comment in regards to the extract from the log file?

        Thanks again.

      • No worries. I’m glad things worked out in the end. I have amended the previous entry to remove the vast bulk of the setup log and the server names, which is what I think you might be worried about…

      • Rudi Delport says:

        Thanks Tony, appreciate it :)

  23. Mike Roeser says:

    Thanks Tony for this write up, and making yourself available for us admins of the world that are floundering around doing this update and many, many others. I enjoy, and use the information I find in your blogs daily!

  24. tony says:

    Can service pack 2 be applied to exchange 2010 version 14.00.0726.00 (Base Rollup 5, no service packs)? If so, can you point me to a document that identifies the process, and problem saving tips? Also, preparing the AD for the update..

    • You can install SP2 on top of an existing installation. Afterwards you’ll want to install the latest roll-up update to make sure that you’re running the newest software.

      There are tons of documents available on the Internet that discuss Exchange installation. I didn’t encounter any problems with SP2. There is an AD update to extend the schema for address book policies and the normal care and attention required for any AD update needs to be given to this process.

      TR

  25. Carol Ostos says:

    Hi Tony, we had to apply some Windows patches to our Exchange Server and so I decided to set the Exchange Mailbox Servers in Maintenance Mode, while running StartDagServerMaintenance I got the following messages

    Log Error- Failed at command ‘Move-DagActiveManager’ with ‘could not move the cluster group’
    Log Error -Move-CriticalMailboxResources: An error ocurred while moving critical resources off server ‘mailboxserver1′

    Note:
    a) We have a 2 node DAG, mailboxserver1 was hosting the active copies and mailboxserver2 was hosting the passive copies.
    b) MailboxServer1 was the PAM

    After realizing the script might have not done all the required steps, I performed the steps manually, installed the OS patches, reboot server and then used the StopDagServerMaintenance script which returned a warning

    Call-Cluster.exe did not succeed, but 5058 was not a retry-able error code, Not attempting any other servers, This may be an expected error by the caller.

    Checked the CopyAutoActivationPolicy and it got changed back to Unrestricted.

    Bottom line, I was able to perform all the operations manually, just thought share this with you guys in case there was something I should be aware of or be worried about.

    Thanks in advance.
    Carol

  26. Les. says:

    Hi Tony,

    I have a large estate (68 Exchange 2010 servers) in a total of 4 regions across multiple WAN links included several DAG’s each with over 64 db’s on them. I wanted to know if I could safely upgrade region by region or do i for instance have to upgrade all CAS server EMEA & AU then move onto HUB ect only it gets very difficult to plan due to time zones.

  27. david says:

    Hi Tony,

    we have 3 sites and each site has 4 exchange servers . 2 sites have exchange 2010 SP1 and one have exchange 2k7. If we update the 2 sites exchange servers from SP1 to Sp2 (2010), IT WONT create any co existence issues with exchange 2007 servers. Please clarify it

    Thanks in Advance
    David

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s