Solved

Preventative measure for Exchange Server Windows & Service Pack patching

Posted on 2015-01-31
12
113 Views
Last Modified: 2015-02-02
People,

I'm currently planning to apply the Exchange Server 2010 Service Pack 3 and also applying the Cumulative Update 7 along with Windows Update which haven't been done since the past two years (~110+ patches).

So in this case it I cannot afford to lose any of the Exchange Server due to the bad update or broken server due to patches. It is currently running on VMware VM with the following details:

HT/CAS role:
PRODHT-CAS01-VM
PRODHT-CAS02-VM

Mailbox Server stand alone non-DAG:
PRODMBX01-VM
PRODMBX02-VM

Domain Controllers:
PRODDC01-VM
PRODDC02-VM
PRODDC03-VM

My questions are:

1. When taking the VMware snapshot for easy rollback, do I have to take the entire 3 sets of the domain controller as well ?

2. Assuming I have done the Schema Update successfully and moving on to apply the SP3 to the HT/CAS server role, do I have to take both of the mailbox server VMs snapshot as well ?

If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

Thanks,
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40581307
I would not bother with snapshots, because when a VM is running on a snapshot performance is poor, and updating will be slow, also the snapshot delta disk, will be very large, and also take time to merge.

I would recommend, that you schedule some downtime, for ALL your servers listed,

1. Power them ALL off. (at a very quiet time early morning), and disable mail flow.

2. Get Full Backups of all the servers (so you have three backups in different locations).

3. Power ON, and apply all your changes required.

4. Restart Mail Servers, and enable Mail flow.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40581372
ok, so if I take the backup for all of the servers at the same time using the snapshot would that be OK ?

my VMFS datastore are all running on SSD.
0
 
LVL 120
ID: 40581379
Full Backups *NOT* snapshots, please read what I wrote about snapshots!

The above is what we practice with our clients.

Any Change Control, will demand good working practices, and that is full backups of any production machine before backup, Snapshots are not backups.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40581390
OK , that does make sense for the Mailbox server role.

so what about the HT-CAS server role patching, can I still take the snapshot for the VM that I'm patching ?
Because my understanding is that I can drain stop the NLB and HT-CAS servers doesn't store email.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40581391
On second thought,

For the mailbox servers. Can I apply the patch or take the snapshot after disconnecting the vNIC inside the guest OS VM ?

In this way the mailbox server 01 VM patch or service pack is installed without affecting any other VMs ?

So roll back will only affect one server only not all.
0
 
LVL 120
ID: 40581407
We DO NOT use Snapshots for ANY PRODUCTION system, whilst patching.

We prefer to follow the plan as we've highlighted.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40581411
So what about the plan to disconnect the vNIC and then use the snapshot ?

In that case the snapshot rollback should not cause any data to be sent out to the rest of the servers ?
0
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40581418
If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

We prefer to power all the servers OFF, and Full Backup.

Again, we do not recommend snapshot rollbacks, because performance is slow, when applying patches, they are not backups, and snapshot rollbacks go wrong, fail, take time, datastore runs out of space.

If you want to complete a snapshot and remove the connection - go ahead - but I'm not recommending that course of action, we don't do it!

we practice IT, on worst case scenario, what can go wrong, and Snapshots are HIGH RISK!

Are these your Exchange Severs and AD, or a clients ?

Often when shortcuts are taken, mistakes are made, and disaster happens.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40581422
Ah I see. This is my in house Exchange servers which hasn't been patched since last year or two.

I have set the Veeam backup to take the VM backup regularly. So if I restore the VM that is failed, would I need to restore the other servers as well ?
0
 
LVL 120
ID: 40581480
Just need to restore the VMs which have failed.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40582359
ok, quick question, is it a safe practice to stop all Exchange server services when applying the patch or service pack on the Mailbox server role ?

in my case here, I do not have DAG
0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40582402
You may find, the patch may complain it cannot find the Exchange Services.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question