Exchange Update Rollup Installation. It is not Nightmare!!!
Many people feel that installation of Exchange Update Rollup is a nightmare, does it really? Well, It doesn’t, if you take certain steps of prevention.
Here are some of the myths which prevents from getting sleepless night for Update Rollups installation.
Known Issues & Pre Installation Checklist
1. Previous Interim Update (IU) Exists, Remove/Uninstall
Microsoft releases critical IUs for Exchange outside the Rollup schedule and can be obtained by contacting PSS. If you attempt to install the Rollup prior to removing the IU, you may get an error.
Prevention Step: Any installed IUs must be removed prior to applying a Rollup.
2. Permission Required
It is recommended to use the same account which was used to install Exchange server while installing Update Rollups.
If you have to use different account then make sure that you have highest permission like Exchange Organization Admin and a member of Local Admin group of Exchange server.
3. Do you have CAS-CAS Proxying deployed?
Apply the update rollup to the Internet-facing Client Access servers before you apply the update rollup to the non-Internet-facing Client Access servers.
4. Do you have Outlook Web Access customization?
When you apply an update rollup package, the update process will copy over the OWA files if it is necessary. If you have modified the Logon.aspx file or other OWA files, the customizations will be overwritten to ensure that OWA is updated correctly.
Prevention Step: Always make a backup copy of any customized Outlook Web Access files before you apply the update rollup.
After you apply the update rollup package, re-create Outlook Web Access customization in Logon.aspx.
5. Status of IPv6
Do you have IPv6 enabled in “Local Area Connection”? If you have IPv6 network and ticked/enabled in Local Area Connection, then it is fine.
But if you do NOT have IPv6 network and somehow unticked/disabled in Local Area Connection, follow below steps before Update Rollup installation.
- Enable IPv6 in Local Area Connection.
- Use Registry Editor and add registry key to completely disable IPv6 on a Windows Server 2008 computer as per KB952842
This may cause Exchange services to start or from changing ‘Startup Type’ (disabled to Automatic) after installation.
6. Lack of Internet Connectivity
You may experience long installation times and you may receive the following message:
“Creating Native images for .Net assemblies”
This issue occurs because the Exchange server issues network requests to connect to http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl and look up the certificate revocation list at NGEN time for each assembly that it compiles to native code.
Because the Exchange server is not connected to the Internet, each request must wait to timeout before moving on.
Prevention Step: Turn off the Check for publisher’s certificate revocation option on the server that is being upgraded. Follow these steps:
In Windows Internet Explorer –> Tools –> Internet Options –> Advanced tab
In the Security section, uncheck or clear the box for below tow options
“Check for publisher’s certificate revocation”
“Check for server certificate revocation”
It is considered safe to clear this security option in Internet Explorer if the computer is in a tightly controlled environment. After the setup has completed, turn on the Check for publisher’s certificate revocation option again
Further information can be found here…
Exchange 2007 managed services might time out during certificate revocation checks
7. Managed code services may not start after you install this update rollup
This problem occurs because you do not have a Microsoft .NET Framework common language runtime (CLR) build that supports the generatePublisherEvidence configuration setting.
Prevention Step: If you are using the .NET Framework 2.0, install one of the following software updates:
.NET Framework 2.0 Service Pack 1
Problems that are fixed in the .NET Framework 2.0 Service Pack 1
Software update 936707 with CRL build 2.0.50727.876
FIX: A .NET Framework 2.0 managed application that has an Authenticode signature takes longer than usual to start
Software update 942027 with CRL build 2.0.50727.926
FIX: You may notice that the memory load is very high when you run an application that is built on the .NET Framework 2.0
Refrence: Exchange Server 2007 managed code services do not start after you install an update rollup for Exchange Server 2007
8. Exchange Best Practice Analyzer
Run ExBPA regularly to find any misconfiguration, problems or standard recommendation from Microsoft on your Exchange environment.
It is also recommended to run it before installation UR and correct the errors if shows in result.
Troubleshooting Update Rollup Installation Failure
Now what if UR installation failed, where to start looking for the cause or reason behind failure?
The Exchange Software Updates forum is available to get assistance if you come across with any update rollups installation issue. Microsoft engineers monitor the forum and assist you, but what they need to troubleshoot the issue? Information on your Exchange environment, how you are installing update rollup, and errors come up in various log files. These all things gives you and them hints to get resolution while troubleshooting.
Here are some of the logs to start investigation.
- Look into Event Log for any error related to UR installation.
- Enable Verbose MSI Logging to generate setup log and look into it for any error.
- ServiceControl.log available at C:\ExchangeSetupLogs.
- UpdateOwa.log available at C:\ExchangeSetupLogs.
1. Look into Event Log for any error
This is the starting place of forensic lab :), you may see some MSI related or any other errors which might have some numbers and with it setup would have failed.
Here is an example…
Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 1024
Product: Microsoft Exchange Server – Update ‘Update Rollup 8 for Exchange Server 2007 Service Pack 1 (KB968012) 8.1.375.2’ could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error code 1603 is pretty generic in MSI installation and to look further deep we need to enable verbose MSI logging. Question comes, how? Ok, let’s discuss it in next portion.
2. Enable Verbose MSI Logging to generate setup log
We can enable MSI verbose logging to get extensive details of update rollup installation with below switches…
Exchange2007-KB<kb # of Rollup>-x64-EN.msp /lxv* c:\LogName.log
Let’s take an example of Exchange 2007 SP1 UR8 which was released sometimes back. I am executing it with below command.
Exchange2007-KB968012-x64-EN.msp /lxv* c:\SP1UR8.log
This will generate extensive log of UR installation and log an activity of each and every step.
You can open this log and check for errors which may shed some light on why the installation failure occurred. If you create a thread at Exchange Software Updates forum or log a call with Microsoft PSS, they will ask for this file anyway.
3. ServiceControl.log available at C:\ExchangeSetupLogs
This file keeps the log of service ‘Status’ and ‘Startup Type’ changes happened by ServiceControl.ps1 script during UR installation.
We may find the cause of service, if stopped or disabled during UR installation.
4. UpdateOwa.log available at C:\ExchangeSetupLogs
This file keeps the log of OWA changes performed by UpdateOWA.ps1 during UR installation.
Here is an example of UpdateOwa.log file generated during successful UR8 installation but we may find the cause here if OWA comes up with errors after UR installation.
We can also find UpdateOWA.PS1 script under Program Files\Microsoft\Exchange Server\Bin directory which can be run to correct OWA errors came after UR installation.