Link to home
Start Free TrialLog in
Avatar of nurturer69
nurturer69

asked on

Best practices to update Exchange 2013 servers

Apart from probably staggering the schedules for downtime for critical and security update installs, amongst one's Exchange 2013 clusters, is there any information on best practices for critical and security update installations?

We have two physical sites, say (a) and (b).  Site (a) has one main virtual Exchange 2013 server, along with a 2nd. Exchange 2013 server from site (b) for possible disaster recovery, in that, if site (b) goes down, site (b) can continue to function as it has a server at site (a), etc.

Is there a routine or order in which the servers are updated and then rebooted?
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

You can only update passive servers - if you attempt to patch an active server then it will failover to become the passive.
Therefore the rule is usually to do the current passive first (rather than trigger a failover), then failover and do the active.
However be aware that in a lot of cases, once you have failed over to the later version, you cannot fail back to an older version. This is because changes are made to the database.

The CAS role is AD site wide, so you will have clients using all servers in an AD site for CAS connectivity - it doesn't matter which DAG the server is a member of. As such, you should patch both servers in the same AD site so that the CAS role is at the same version, then patch the other site.

Simon.
Avatar of nurturer69
nurturer69

ASKER

The updates to install are from Windows Update in Control Panel, or is there a different setup file or executable to run?
Windows Update will just update Windows and other applications - it doesn't do Exchange.
Exchange 2013 Cumulative Updates have to be done separately by downloading the update file and running setup.exe

Simon.
Will the server need to be placed into maintenance mode thru power shell on the server to be updated?

Example:

Set-ServerComponentState –Identity Server1 –Component HubTransport –State Draining –Requester Maintenance Get-Queue –Server Server1 | Format-Table Identity, MessageCount
It doesn't have to be, although you can choose to do so.
I usually do so, but every now and then will not, which gives the failover capability a test.

Simon.
And is it necessary to update the schema?
If the update requires it then it will do it for you.

Simon.
So, as a synopsis:

PART 1:
1) Download Cumulative update to passive server on site 1
2) Place server in maintenance mode (or don't - decision is arbitrary)
3) Launch Cumulative update setup.exe file
4) Wait for completion of updates
5) When complete, reboot server.

PART2:
1) Fail active server as passive, making recently updated passive server the active server on site 1
2) Download Cumulative update to passive server (normally active server) on site 1
2) Place server in maintenance mode (or don't - decision is arbitrary)
3) Launch Cumulative update setup.exe file
4) Wait for completion of updates
5) When complete, reboot server.
6) Fail active server over making it the passive server again.

STEP 3:
Perform testing by logging into EAC and OWA to check mailbox accessibility and Outlook functionality.

STEP 4:
Repeat same steps for site 2

Am I missing anything?
ASKER CERTIFIED SOLUTION
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial