Exchange 2013 Cumulative Update installation Best Practices – Part 2

ComputerCarriage > Posts > Exchange > Exchange 2013 Cumulative Update installation Best Practices – Part 2

This article will continue demonstrate the remaining step by step installation procedure for installing cumulative update for Exchange 2013 DAG

Cumulative Update

Send & Receive connectors configuration Backup

Once you done with the exchange virtual directories backup as mentioned in the part 1 make sure to export the configuration of Send & receive connectors . This result will help you to refer in case any mismatch occur in send & receive connector configuration post CU upgrade

Open exchange PowerShell and run the following commands to take the send and receive connector backups,

$FormatEnumerationLimit =-1

Get-sendConnector | fl | Format-List | Out-File “C:\sendconnector.txt”

Get-ReceiveConnector -Server | fl | Format-List | Out-File “C:\erver1_Receiveconnector.txt”

Disable Services

Prior to cumulative update upgrade disable third party and below services.This will help you to upgrade the cumulative update smoothly

  • BES Client
  • Antivirus services
  • Monitoring appplication services
  • Qualys Cloud Agent
  • SplunkUniversalForwarder
  • Scan mail for Exchange
  • Backup Services ( Data Protector , Netbackup )

OWA Customization Backup

In case if your organization / customer customized their owa page then you have to take the backup of owa theme from the following path

c:\program files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\15.0.1365\themes)

Certificate Revocation

Starting with IE 7.0, server certificate revocation checking is enabled by default.You can disable this feature by clicking Internet Options on the Tools menu, selecting the Advanced tab, and uncheck the Check for server certificate revocation check box as shown in the figure. You need to restart IE in order for this setting to take effect.

Disabling the revocation check in production environments isn’t recommended, so you must make sure to enable it again after cumulative update upgrade. Certificate revocation checking protects your clients against the use of invalid server authentication certificates either because they have expired or because they were revoked (e.g., when a server certificate was compromised).

certificate revocation
certificate revocation

Execution Policy

By default execution policy is Unrestricted. In case your organization configured the execution policy to RemoteSigned or Restricted then make sure to set the value to Unrestricted by using the following command

Set-ExecutionPolicy Unrestricted

Make sure to revert back the value to original once the cumulative update is over

Upgrade cumulative update

You can download the cumulative update from Microsoft download center.In this article i am going to show you how to upgrade cumulative update 23 .You can download the cumulative update 23 from the below given link

Once the cumulative update downloaded you can extract the file in to the separate folder.

Cumulative updates and Service Packs should be installed in the internet-facing site first, before installing in other sites in the organization.

  • The first servers to be updated in a site are the Mailbox servers.
  • The Client Access servers are updated second.
  • Edge Transport servers can be updated last.

Now the scenario we are going to see is upgrading the cumulative update on multi role server ( Mailbox , CAS & HUB ) infrastructure

So before start the upgrade, put the server in to the maintenance mode by manual or inbuilt script. Here we are going to use the inbuilt script to put the server in to maintenance mode

The entire process can be done from the Exchange Shell.

To start open EMS and go to:

C:\programs files\micrsoft\exchange server\v15\scripts

In the first step we put the first Exchange server In the DAG Into maintenance mode by typing the cmdlet below:

C:\programs files\micrsoft\exchange server\v15\scripts>.\StartDagServerMaintenance.ps1 –servername Server1

Once run all DBs will move to the second Exchange server

To verify that the server is In maintenance mode type:

Get-databaseavailabilitygroup –status | fl name, server*

DAG Maintenance

Cumulative updates can be applied using either the command line or graphical setup whichever you prefer.Follow the pre-installation processes outlined earlier in this article.

Do not run the upgrade from the Exchange Management Shell as this will cause it to fail due to locked files.
Run the upgrade from an elevated command prompt.

Upgrading Using the Command Line

In an elevated command prompt run the following command from the location where you extracted the cumulative update files.

Setup /m:upgrade /IAcceptExchangeServerLicenseTerms

The command prompt window will display the progress as the upgrade proceeds.


After the cumulative update has been install restart the server once prompted to do so.

If you had placed the server into maintenance mode then you can run the inbuilt script for stopping maintenance mode after the installation is finished

C:\programs files\micrsoft\exchange server\v15\scripts>.\stopDagServerMaintenance.ps1 –servername Server1

Once the cumulative update completed on all servers you can use the in built RedistributeActiveDatabases.ps1 script to redistribute the database based on activation preference

.\RedistributeActiveDatabases.ps1 –DagName DAG1 –BalanceDBsByActivationPreference –Confirm:$false

To verify and confirm the exchange build number post cumulative upgrade you can run the below command to list down for all servers as shown below

$servers=get-exchangeserver -identity servername*
$servers | foreach { Invoke-Command -ComputerName $ -ScriptBlock {Get-Command Exsetup.exe | ForEach-Object {$_.FileversionInfo} } }

Cumulative upgrade 23

Note : Above is the product version of Cumulative update 23 and Security Update For Exchange Server 2013 CU23 (KB4536988)

Leave a Reply