Solved

Preventative measure for Exchange Server Windows & Service Pack patching

Posted on 2015-01-31
12
111 Views
Last Modified: 2015-02-02
People,

I'm currently planning to apply the Exchange Server 2010 Service Pack 3 and also applying the Cumulative Update 7 along with Windows Update which haven't been done since the past two years (~110+ patches).

So in this case it I cannot afford to lose any of the Exchange Server due to the bad update or broken server due to patches. It is currently running on VMware VM with the following details:

HT/CAS role:
PRODHT-CAS01-VM
PRODHT-CAS02-VM

Mailbox Server stand alone non-DAG:
PRODMBX01-VM
PRODMBX02-VM

Domain Controllers:
PRODDC01-VM
PRODDC02-VM
PRODDC03-VM

My questions are:

1. When taking the VMware snapshot for easy rollback, do I have to take the entire 3 sets of the domain controller as well ?

2. Assuming I have done the Schema Update successfully and moving on to apply the SP3 to the HT/CAS server role, do I have to take both of the mailbox server VMs snapshot as well ?

If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

Thanks,
0
Comment
  • 6
  • 6
12 Comments
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40581307
I would not bother with snapshots, because when a VM is running on a snapshot performance is poor, and updating will be slow, also the snapshot delta disk, will be very large, and also take time to merge.

I would recommend, that you schedule some downtime, for ALL your servers listed,

1. Power them ALL off. (at a very quiet time early morning), and disable mail flow.

2. Get Full Backups of all the servers (so you have three backups in different locations).

3. Power ON, and apply all your changes required.

4. Restart Mail Servers, and enable Mail flow.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581372
ok, so if I take the backup for all of the servers at the same time using the snapshot would that be OK ?

my VMFS datastore are all running on SSD.
0
 
LVL 119
ID: 40581379
Full Backups *NOT* snapshots, please read what I wrote about snapshots!

The above is what we practice with our clients.

Any Change Control, will demand good working practices, and that is full backups of any production machine before backup, Snapshots are not backups.
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581390
OK , that does make sense for the Mailbox server role.

so what about the HT-CAS server role patching, can I still take the snapshot for the VM that I'm patching ?
Because my understanding is that I can drain stop the NLB and HT-CAS servers doesn't store email.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581391
On second thought,

For the mailbox servers. Can I apply the patch or take the snapshot after disconnecting the vNIC inside the guest OS VM ?

In this way the mailbox server 01 VM patch or service pack is installed without affecting any other VMs ?

So roll back will only affect one server only not all.
0
 
LVL 119
ID: 40581407
We DO NOT use Snapshots for ANY PRODUCTION system, whilst patching.

We prefer to follow the plan as we've highlighted.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581411
So what about the plan to disconnect the vNIC and then use the snapshot ?

In that case the snapshot rollback should not cause any data to be sent out to the rest of the servers ?
0
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40581418
If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

We prefer to power all the servers OFF, and Full Backup.

Again, we do not recommend snapshot rollbacks, because performance is slow, when applying patches, they are not backups, and snapshot rollbacks go wrong, fail, take time, datastore runs out of space.

If you want to complete a snapshot and remove the connection - go ahead - but I'm not recommending that course of action, we don't do it!

we practice IT, on worst case scenario, what can go wrong, and Snapshots are HIGH RISK!

Are these your Exchange Severs and AD, or a clients ?

Often when shortcuts are taken, mistakes are made, and disaster happens.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40581422
Ah I see. This is my in house Exchange servers which hasn't been patched since last year or two.

I have set the Veeam backup to take the VM backup regularly. So if I restore the VM that is failed, would I need to restore the other servers as well ?
0
 
LVL 119
ID: 40581480
Just need to restore the VMs which have failed.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40582359
ok, quick question, is it a safe practice to stop all Exchange server services when applying the patch or service pack on the Mailbox server role ?

in my case here, I do not have DAG
0
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40582402
You may find, the patch may complain it cannot find the Exchange Services.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question