Solved

Preventative measure for Exchange Server Windows & Service Pack patching

Posted on 2015-01-31
12
107 Views
Last Modified: 2015-02-02
People,

I'm currently planning to apply the Exchange Server 2010 Service Pack 3 and also applying the Cumulative Update 7 along with Windows Update which haven't been done since the past two years (~110+ patches).

So in this case it I cannot afford to lose any of the Exchange Server due to the bad update or broken server due to patches. It is currently running on VMware VM with the following details:

HT/CAS role:
PRODHT-CAS01-VM
PRODHT-CAS02-VM

Mailbox Server stand alone non-DAG:
PRODMBX01-VM
PRODMBX02-VM

Domain Controllers:
PRODDC01-VM
PRODDC02-VM
PRODDC03-VM

My questions are:

1. When taking the VMware snapshot for easy rollback, do I have to take the entire 3 sets of the domain controller as well ?

2. Assuming I have done the Schema Update successfully and moving on to apply the SP3 to the HT/CAS server role, do I have to take both of the mailbox server VMs snapshot as well ?

If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

Thanks,
0
Comment
  • 6
  • 6
12 Comments
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
Comment Utility
I would not bother with snapshots, because when a VM is running on a snapshot performance is poor, and updating will be slow, also the snapshot delta disk, will be very large, and also take time to merge.

I would recommend, that you schedule some downtime, for ALL your servers listed,

1. Power them ALL off. (at a very quiet time early morning), and disable mail flow.

2. Get Full Backups of all the servers (so you have three backups in different locations).

3. Power ON, and apply all your changes required.

4. Restart Mail Servers, and enable Mail flow.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
ok, so if I take the backup for all of the servers at the same time using the snapshot would that be OK ?

my VMFS datastore are all running on SSD.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Full Backups *NOT* snapshots, please read what I wrote about snapshots!

The above is what we practice with our clients.

Any Change Control, will demand good working practices, and that is full backups of any production machine before backup, Snapshots are not backups.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
OK , that does make sense for the Mailbox server role.

so what about the HT-CAS server role patching, can I still take the snapshot for the VM that I'm patching ?
Because my understanding is that I can drain stop the NLB and HT-CAS servers doesn't store email.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
On second thought,

For the mailbox servers. Can I apply the patch or take the snapshot after disconnecting the vNIC inside the guest OS VM ?

In this way the mailbox server 01 VM patch or service pack is installed without affecting any other VMs ?

So roll back will only affect one server only not all.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
We DO NOT use Snapshots for ANY PRODUCTION system, whilst patching.

We prefer to follow the plan as we've highlighted.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
So what about the plan to disconnect the vNIC and then use the snapshot ?

In that case the snapshot rollback should not cause any data to be sent out to the rest of the servers ?
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
Comment Utility
If anyone has a better way to quickly roll back broken Exchange server due to patching, please sahre it here.

We prefer to power all the servers OFF, and Full Backup.

Again, we do not recommend snapshot rollbacks, because performance is slow, when applying patches, they are not backups, and snapshot rollbacks go wrong, fail, take time, datastore runs out of space.

If you want to complete a snapshot and remove the connection - go ahead - but I'm not recommending that course of action, we don't do it!

we practice IT, on worst case scenario, what can go wrong, and Snapshots are HIGH RISK!

Are these your Exchange Severs and AD, or a clients ?

Often when shortcuts are taken, mistakes are made, and disaster happens.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
Ah I see. This is my in house Exchange servers which hasn't been patched since last year or two.

I have set the Veeam backup to take the VM backup regularly. So if I restore the VM that is failed, would I need to restore the other servers as well ?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Just need to restore the VMs which have failed.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
Comment Utility
ok, quick question, is it a safe practice to stop all Exchange server services when applying the patch or service pack on the Mailbox server role ?

in my case here, I do not have DAG
0
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
Comment Utility
You may find, the patch may complain it cannot find the Exchange Services.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
HOW TO: Upload an ISO image to a VMware datastore for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere Host Client, and checking its MD5 checksum signature is correct.  It's a good idea to compare checksums, because many installat…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now