Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Upgrade Exchange 2010 SP2 to SP3

Posted on 2014-02-18
Medium Priority
Last Modified: 2014-03-14
Hi Guys,

I have two Exchange 2010 SP2 servers, one Edge Transport and other multi-role CAS/HUB/MBX
I want to install SP3 from SP2 and have several questions as I have read that there is no rollback.

I have to update the schema as I did to install SP2 or is no longer necessary to install SP3? (I have rangeUpper 14732)
What server upgrade first, the Edge Trasnsport or the multi-role CAS/HUB/MBX?
After installing SP3, I must install some RU?

Thanks in advance.
Question by:techosi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 37

Accepted Solution

Jamie McKillop earned 600 total points
ID: 39867369

The AD schema does need to be updated. If the account you are using the install SP3 has schema admin rights, this will be done automatically, otherwise, you need to run setup.exe /prepareAD with a schema admin account.

Install the update on the Edge Transport server then the multi-role server.

I recommend you install SP3 RU4 after your install SP3.

LVL 37

Assisted Solution

Mahesh earned 150 total points
ID: 39867378
You can update to Exchange 2010 SP3 directly on all servers one by one followed by any latest rollups
Schema update is required during SP3 upgrade.

Based on my experience and findings, it is not painless activity but we can try as much as possible to make it painless by implementing proper prerequisites and proper plan.

Precautionary Measures Prior to Deploy Exchange 2010 Service Packs 3:
 o Important and appropriate latest Windows Server patches must be deployed.
 Do not update KB2506143 (Not supported for exchange 2007 & 2010 and might create issue)
 o Exchange BPA needs to be run and address any critical issue reported by him.
 o Check\search MS online KB articles for known issues with Rollup update \ Service packs.
 For Ex. in case of Exchange 2010 SP2 RU6 and SP3
 o If you are upgrading from RU to newer RU or newer Service Pack, check if Previous RU setup (.msp \ .msi) files must be resided in %Systemroot%\Installer folder or upgrade will fail. Check article.
 o Ensure that account to be used must be domain account. Account must be member of Exchange Organization Management and must be local administrator on exchange server. If the same account is used to update AD schema, then it also must be member of Domain Admins, Schema Admins and Enterprise Admins Group Membership.
 o Service Pack \Rollup update sequence must be as below.
¿ UM if you have
¿ Edge Transport

• Activities to be done on Exchange Server to be upgraded prior to Deploy Service Pack:
 o Ensure that you have Latest AD and Exchange Server System State Backup with all Mailbox Databases full backup
 o If you prepared AD schema manually, then force replication to all domain controllers in forest.
 o Uninstall \ Remove any Interim Updates (IU) provided by Microsoft to address specific issues as Service Packs are cumulative and contains all fixes since last service pack.
 o Microsoft has published 2 articles related to PowerShell Execution Policy as below.
¿ – Correct One
¿ – Don’t understand why MS published this confusing article.
 First one is the correct and set your exchange server powershellexecutipolicy accordingly.
 o Check Exchange Server IPv6 status in network card properties and enable it if not enabled already.
 o Disable certificate Revocation Check on Exchange Servers. Check below link.
 o Stop and Disable Antivirus Software services completely.
 o Stop and Disable Backup Software Services Completely.
 o Stop and Disable SCOM services if any. Also on SCOM server put Exchange Server in Maintenance Mode.
 o Stop and Disable SCCM agent services if any.
 o Stop and Disable any 3rd party software processes / services.
 o In case of Hub Transport Server, disable windows Firewall for all profiles but Firewall service must be running. Remove server from NLB. Also remove server from Send Connectors.
 o In case of Mailbox Server, Firewall must be enabled and running. To avoid any disruption, add a custom inbound and outbound firewall rules which allows all programs and allports through all firewall profiles. Check below Link.
 Also put server in Maintenance Mode with scripts provided by Microsoft or as guided in below link.
 o Make sure that File Share Witness (FSW) is online if it is other than HUB Transport Server.
 o Copy Exchange Service pack Binaries in compressed format on Exchange Servers and Extract it with some extraction software to avoid file alteration during transit or copy process.
 o Lastly reboot server to be upgraded and then start Exchange setup from extracted dump.
 o You must run Setup with “elevated Command Prompt” or “Run as Administrator”.

Check my original comment in below blog post

LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 450 total points
ID: 39867383
When you apply Exchange 2010 SP3 to any server in your environment it does make schema changes to your Active Directory. You can install this on any of the Exchange servers (no particular order). I would also recommend downloading Rollup 3 as well (latest rollup) after you have installed SP3.

If for whatever reason you cannot install the SP3 on all of the servers they will continue to operate normally as they are backward compatible.

Exchange 2010 SP3 AD Schema Changes

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Assisted Solution

dave121 earned 300 total points
ID: 39868675

Upgrade your servers in the following order:
1.  Client Access
2.  Hub Transport
3.  Unified Messaging
4.  Mailbox
5.  Edge Transport
You may also refer to the link below to see the demonstration video of the process-

And after installing SP3, you should install Rollup 3 which can be downloaded from-


Author Comment

ID: 39894710
Totally no correct responses of the experts, the solution is a mixture of them all. So I assign a degree C

LVL 37

Expert Comment

ID: 39895155
when there is multiple choices of same level to particular question everybody will recommend his choice.
You will never get hard solution to that, its depends on your environment and your choice

Basically, I can see you have got answers to all of your questions and if you are not satisfied with answers you could ask \ raise more questions in the same post to get specific answers

Unless you ask us we never ever come to know what is your expectations

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question