Exchange 2010 SP2 and Update Rollup 1 deployment

Posted on 2012-03-25
Last Modified: 2012-03-26
Hello Experts, requesting for your critique of our high-level Exchange 2010 SP2 and UR1 deployment procedure. We have tailored our deployment plan based on existing internet resources and will be happy to receive comments from you regarding anything that we may have missed. We are currently running on Exchange 2010 SP1 Enterprise and are planning to upgrade to SP2. We have three (3) AD sites and only two (2) of these have existing Exchange deployments, as follows:

Site A:

a. 2 x CAS/Hub (combined in one for each server) in NLB, EXCH01HUB01 and EXCH01HUB02
b. 2 x Mailbox in DAG-01, EXCH01MBX01 and EXCH01MBX03 with active database copies spread among the two.
c. 1 x Mailbox in DAG-02; EXCH01MBX02
d. 2 x Edge EXCH01EDGE01 and EXCH01EDGE02

Site B:

a. 2 x CAS/Hub (combined in one for each server) in NLB, EXCH03HUB01 and EXCH03HUB02
b. 2 x Mailbox in DAG-02, EXCH03MBX02 and EXCH03MBX04 with active database copies spread among the two.
c. 1 x Mailbox in DAG-01; EXCH03MBX01
d. 2 x Edge EXCH03EDGE01 and EXCH03EDGE02


CAS Array
1.      Install IIS 6 WMI Compatibility component on EXCH01HUB01.
2.      Issue stop command on EXCH01HUB01 node using NLB manager.
3.      Set the initial host state of EXCH01HUB01 as stopped.
4.      Apply Exchange 2010 SP2 and Exchange 2010 Update Rollup 1 on EXCH01HUB01. Restart server once complete.
5.      Start the server in the NLB cluster.
6.      Set the initial host state to Started.
7.      Repeat steps 1-6 for EXCH01HUB02, EXCH03HUB01, EXCH03HUB02

Edge Transport Servers
8.      Install Exchange 2010 SP2 and UR1 on EXCH01EDGE01. Restart server once complete.
9.      Repeat on EXCH01EDGE02, EXCH03EDGE01 and EXCHEDGE02.

Mailbox DAG
10.      Move all active mailbox database copies from EXCH01MBX01 to EXCH01MBX02
11.      Run StartDagServerMainternance.ps1 script (.\StartDagServerMaintenance.ps1 –servername EXCH01MBX01)
12.      Apply Exchange 2010 SP2 and Exchange 2010 Update Rollup 1 on EXCH01MBX01. Restart server once complete.
13.      Run Exchange powershell StopDagServerMaintenance.ps1 script. (.\StopDagServerMaintenance.ps1 –serverName EXCH01MBX01)
14.      Repeat step 10-13 for EXCH01MBX02.
15.      Balance active mailbox databases by executing the RedistributeActiveDatabases.ps1 script.
16.      Repeat steps 10-15 for EXCH03MBX02 and EXCH03MBX04.

Also, will there be any problem if we do not immediately upgrade all servers in one sitting?

Thanks in advance and cheers!

Question by:junyap
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 15

Accepted Solution

Rajkumar-MCITP earned 100 total points
ID: 37763327
Your Exchange 2010 design is very nice. Before proceeding the update, My notes to you are..

For client Access Server

1. Issuing a stop command on the CAS array node will terminate all the existing client connection, if it is ok, proceed with the settings - Disable new connections and then stop the server from NLB

2. I hope it wont make any problem, but MS recommends to remove the node from NLB, update the server and re add it to NLB

For DAG Server

1. DAG member running an older version of Exchange 2010 can move its active databases to a DAG member running a newer version of Exchange 2010, but not the reverse. - Make sure you are correct in this.

Have a look on the recommendation mentioned over here and come to a conclusion

If you are upgrading, make sure at least all the servers in a site is update to same service pack. complete CAS\HUB upgrade to sp2 first in a site and then move to mailbox.

Before updating rollup, On Internet Explorer make sure you Clear the "Check for publisher’s certificate revocation" check box on all the exchange servers.

Author Comment

ID: 37764340
Thanks Rajkumar for your timely response and advice. Reason for a two DAG setup is that we have active users in both AD sites. Some follow-up questions below:

For CAS:

1. Once we issue the stop command on one of the CAS nodes, Outlook clients connected to this shall automatically attempt to reconnect to the active node?

2. We'll try your recommendation. What is the impact of not removing the server from NLB before updating?

For DAG:

1. Thanks for the heads-up. I believe there should be no problem in this regard.

Regarding the upgrade order, is my understanding correct that we upgrade in the following order?

Site A:
1. EXCH01HUB01
2. EXCH01HUB02
3. EXCH01MBX01 (Member of DAG-01)
4. EXCH01MBX03 (Member of DAG-01)
5. EXCH01MBX02 (Member of DAG-02)

Site B:
8. EXCH03HUB01
9. EXCH03HUB02
10. EXCH03MBX02 (Member of DAG-02)
11. EXCH03MBX04 (Member of DAG-02)
12. EXCH03MBX01 (Member of DAG-01)
13. EXCH03ET01
14. EXCH03ET02

Lastly, what is the use of clearing the "Check for publisher's certificate revocation" checkbox in IE?


LVL 15

Assisted Solution

Rajkumar-MCITP earned 100 total points
ID: 37764460
for CAS

1. Definitely Outlook clients will disconnect and reconnect the second node available on the cas array.

2. Exchange 2010 RTM, Exchange 2010 SP1, and Exchange 2010 SP2 can't coexist within the same load balanced array.

You asked one question like, what if if all the servers are not update with sp2 ru1 in this environment - CAS to CAS proxy in compatibility will occur -

Order of SP2 installation is correct

Certification Revocation List -

When you install an update rollup package, Exchange tries to connect to the certificate revocation list (CRL) Web site. Exchange examines the CRL list to verify the code signing certificate. (To download and view the CRL list, see CodeSignPCA.crl.) If Exchange can't connect to the CRL Web site, the following symptoms may occur:

The installation takes a long time to complete.
You receive the following message during the installation: Creating native images for .Net assemblies
When Exchange isn't connected to the Internet, each CRL request must complete before the installation can continue.

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question