Solved

Preventative measure for Exchange Server Windows & Service Pack patching

Posted on 2015-01-31
12
112 Views
Last Modified: 2015-02-02
People,

I'm currently planning to apply the Exchange Server 2010 Service Pack 3 and also applying the Cumulative Update 7 along with Windows Update which haven't been done since the past two years (~110+ patches).

So in this case it I cannot afford to lose any of the Exchange Server due to the bad update or broken server due to patches. It is currently running on VMware VM with the following details:

HT/CAS role:
PRODHT-CAS01-VM
PRODHT-CAS02-VM

Mailbox Server stand alone non-DAG:
PRODMBX01-VM
PRODMBX02-VM

Domain Controllers:
PRODDC01-VM
PRODDC02-VM
PRODDC03-VM

My questions are:

1. When taking the VMware snapshot for easy rollback, do I have to take the entire 3 sets of the domain controller as well ?

2. Assuming I have done the Schema Update successfully and moving on to apply the SP3 to the HT/CAS server role, do I have to take both of the mailbox server VMs snapshot as well ?

If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

Thanks,
0
Comment
  • 6
  • 6
12 Comments
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40581307
I would not bother with snapshots, because when a VM is running on a snapshot performance is poor, and updating will be slow, also the snapshot delta disk, will be very large, and also take time to merge.

I would recommend, that you schedule some downtime, for ALL your servers listed,

1. Power them ALL off. (at a very quiet time early morning), and disable mail flow.

2. Get Full Backups of all the servers (so you have three backups in different locations).

3. Power ON, and apply all your changes required.

4. Restart Mail Servers, and enable Mail flow.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581372
ok, so if I take the backup for all of the servers at the same time using the snapshot would that be OK ?

my VMFS datastore are all running on SSD.
0
 
LVL 120
ID: 40581379
Full Backups *NOT* snapshots, please read what I wrote about snapshots!

The above is what we practice with our clients.

Any Change Control, will demand good working practices, and that is full backups of any production machine before backup, Snapshots are not backups.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581390
OK , that does make sense for the Mailbox server role.

so what about the HT-CAS server role patching, can I still take the snapshot for the VM that I'm patching ?
Because my understanding is that I can drain stop the NLB and HT-CAS servers doesn't store email.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581391
On second thought,

For the mailbox servers. Can I apply the patch or take the snapshot after disconnecting the vNIC inside the guest OS VM ?

In this way the mailbox server 01 VM patch or service pack is installed without affecting any other VMs ?

So roll back will only affect one server only not all.
0
 
LVL 120
ID: 40581407
We DO NOT use Snapshots for ANY PRODUCTION system, whilst patching.

We prefer to follow the plan as we've highlighted.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581411
So what about the plan to disconnect the vNIC and then use the snapshot ?

In that case the snapshot rollback should not cause any data to be sent out to the rest of the servers ?
0
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40581418
If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

We prefer to power all the servers OFF, and Full Backup.

Again, we do not recommend snapshot rollbacks, because performance is slow, when applying patches, they are not backups, and snapshot rollbacks go wrong, fail, take time, datastore runs out of space.

If you want to complete a snapshot and remove the connection - go ahead - but I'm not recommending that course of action, we don't do it!

we practice IT, on worst case scenario, what can go wrong, and Snapshots are HIGH RISK!

Are these your Exchange Severs and AD, or a clients ?

Often when shortcuts are taken, mistakes are made, and disaster happens.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581422
Ah I see. This is my in house Exchange servers which hasn't been patched since last year or two.

I have set the Veeam backup to take the VM backup regularly. So if I restore the VM that is failed, would I need to restore the other servers as well ?
0
 
LVL 120
ID: 40581480
Just need to restore the VMs which have failed.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40582359
ok, quick question, is it a safe practice to stop all Exchange server services when applying the patch or service pack on the Mailbox server role ?

in my case here, I do not have DAG
0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40582402
You may find, the patch may complain it cannot find the Exchange Services.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question