Preventative measure for Exchange Server Windows & Service Pack patching

People,

I'm currently planning to apply Exchange Server 2010 Service Pack 3 and Cumulative Update 7, along with Windows Updates, which haven't been applied for the past two years (~110+ patches).

So in this case I cannot afford to lose any of the Exchange Servers due to a bad update or a server broken by patches. They are currently running on VMware VMs with the following details:

HT/CAS role:
PRODHT-CAS01-VM
PRODHT-CAS02-VM

Mailbox Server stand alone non-DAG:
PRODMBX01-VM
PRODMBX02-VM

Domain Controllers:
PRODDC01-VM
PRODDC02-VM
PRODDC03-VM

My questions are:

1. When taking the VMware snapshot for easy rollback, do I have to take the entire 3 sets of the domain controllers as well?

2. Assuming I have done the Schema Update successfully and am moving on to apply SP3 to the HT/CAS server role, do I have to take snapshots of both mailbox server VMs as well?

If anyone has a better way to quickly roll back a broken Exchange server due to patching, please share it here.

Thanks,
Asked by: Senior IT System Engineer (IT Professional)

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
You may find the patch may complain it cannot find the Exchange Services.

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
I would not bother with snapshots, because when a VM is running on a snapshot performance is poor and updating will be slow. Also, the snapshot delta disk will be very large and will take time to merge.

I would recommend that you schedule some downtime for ALL your servers listed:

1. Power them ALL off (at a very quiet time, early morning), and disable mail flow.

2. Get Full Backups of all the servers (so you have three backups in different locations).

3. Power ON, and apply all your changes required.

4. Restart Mail Servers, and enable Mail flow.
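
The power-off step of the plan above, sketched as an added PowerCLI example (not code from the thread or from any participant). The vCenter name, the shutdown order, the existing-snapshot check and the 15-minute timeout are assumptions; disabling mail flow and the backups themselves are left to your own tooling.

```powershell
# Added example (not from the thread). Requires VMware PowerCLI.
# VM names are the ones listed in the question; the vCenter name is a placeholder.
$vCenter = 'vcenter.example.local'   # placeholder, not from the page

# Assumed order: Exchange roles go down before the domain controllers they depend on.
$shutdownOrder = @(
    'PRODHT-CAS01-VM', 'PRODHT-CAS02-VM',
    'PRODMBX01-VM',    'PRODMBX02-VM',
    'PRODDC01-VM',     'PRODDC02-VM', 'PRODDC03-VM'
)

Connect-VIServer -Server $vCenter | Out-Null

# 1. Refuse to continue if any VM is already running on a snapshot delta disk.
$snapshots = Get-VM -Name $shutdownOrder | Get-Snapshot
if ($snapshots) {
    $snapshots | Select-Object VM, Name, Created, SizeGB | Format-Table -AutoSize
    throw 'Existing snapshots found: consolidate them before the change window.'
}

# 2. Graceful guest shutdown, one VM at a time, waiting for PoweredOff.
foreach ($name in $shutdownOrder) {
    $vm = Get-VM -Name $name
    if ($vm.PowerState -ne 'PoweredOff') {
        Shutdown-VMGuest -VM $vm -Confirm:$false | Out-Null   # needs VMware Tools
        $deadline = (Get-Date).AddMinutes(15)
        while ((Get-VM -Name $name).PowerState -ne 'PoweredOff') {
            if ((Get-Date) -gt $deadline) { throw "$name did not power off in 15 minutes." }
            Start-Sleep -Seconds 10
        }
    }
    Write-Host "$name is powered off."
}

# 3. Gate for the backup step: every VM must be off before the full backups start.
$stillOn = Get-VM -Name $shutdownOrder | Where-Object PowerState -ne 'PoweredOff'
if ($stillOn) { throw "Still running: $($stillOn.Name -join ', ')" }
Write-Host 'All VMs are powered off. Take and verify the full backups, then power on in reverse order.'
```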

Senior IT System Engineer (IT Professional, Author) commented:
OK, so if I take the backup for all of the servers at the same time using the snapshot, would that be OK?

My VMFS datastores are all running on SSD.
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Full Backups *NOT* snapshots, please read what I wrote about snapshots!

The above is what we practice with our clients.

Any Change Control will demand good working practices, and that is full backups of any production machine before backup. Snapshots are not backups.

Senior IT System Engineer (IT Professional, Author) commented:
OK, that does make sense for the Mailbox server role.

So what about the HT-CAS server role patching, can I still take the snapshot for the VM that I'm patching?
Because my understanding is that I can drain stop the NLB and HT-CAS servers don't store email.

Senior IT System Engineer (IT Professional, Author) commented:
On second thought,

For the mailbox servers, can I apply the patch or take the snapshot after disconnecting the vNIC inside the guest OS VM?

In this way the mailbox server 01 VM patch or service pack is installed without affecting any other VMs?

So rollback will affect only one server, not all.

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
We DO NOT use Snapshots for ANY PRODUCTION system, whilst patching.

We prefer to follow the plan as we've highlighted.

Senior IT System Engineer (IT Professional, Author) commented:
So what about the plan to disconnect the vNIC and then use the snapshot?

In that case the snapshot rollback should not cause any data to be sent out to the rest of the servers?

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
"If anyone has a better way to quickly roll back a broken Exchange server due to patching, please share it here."

We prefer to power all the servers OFF, and Full Backup.

Again, we do not recommend snapshot rollbacks, because performance is slow when applying patches, they are not backups, and snapshot rollbacks go wrong, fail, take time, and the datastore runs out of space.

If you want to complete a snapshot and remove the connection - go ahead - but I'm not recommending that course of action, we don't do it!

We practice IT on worst-case scenario, what can go wrong, and Snapshots are HIGH RISK!

Are these your Exchange Servers and AD, or a client's?

Often when shortcuts are taken, mistakes are made, and disaster happens.

Senior IT System Engineer (IT Professional, Author) commented:
Ah I see. These are my in-house Exchange servers, which haven't been patched for the last year or two.

I have set the Veeam backup to take the VM backup regularly. So if I restore the VM that has failed, would I need to restore the other servers as well?

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Just need to restore the VMs which have failed.

Senior IT System Engineer (IT Professional, Author) commented:
OK, quick question: is it a safe practice to stop all Exchange server services when applying the patch or service pack on the Mailbox server role?

In my case here, I do not have a DAG.
Question has a verified solution.
