Microsoft Exchange Server is a mission-critical platform that provides email messaging and calendaring services. It is important to strengthen the server security and keep the server updated with the latest security updates to patch the vulnerabilities that attackers may exploit to gain access to your servers and network.
Microsoft provides Security Updates for the latest two Cumulative Updates (CUs) released for Exchange 2013 and later versions. Extended support for Exchange 2010 ended back in October 2020. Thus, if your organization is running an outdated Exchange Server version or CU, you must immediately update your server to the latest CU to continue receiving the latest Security Updates (SUs).
In this article, we have shared the best practices and the steps to upgrade an outdated Exchange Server to the latest Cumulative Update (CU).
Best Practices for Upgrading Exchange Server
Follow these best practices to avoid issues during or after the Security Update or Cumulative Update.
- Install and test the CU in a non-production environment first. This will help you detect bugs and avoid any issues later that may adversely affect your production server.
- Always take a verified VSS backup before updating or upgrading the Exchange Server. This will help you restore if anything goes wrong.
- Always backup all your customizations, such as IIS settings, OWA customizations, etc., as they may not survive the update.
- Always use an elevated command prompt to install the Cumulative Update and Security Updates.
- Before upgrading or updating the Exchange Server, disable the anti-virus software.
- Restart the server once the upgrade is finished and test it.
Steps to Upgrade Exchange Server to Latest CU
Upgrading Exchange Server is neither complex nor simple. The whole upgrade process depends on whether the Exchange Server CU prerequisites are fulfilled or not before beginning the process.
If you are upgrading from an unsupported CU to the latest CU and no intermediate CUs are available, you must update the .NET framework to the newest version, supported by your Exchange Server version. Then upgrade the server to the latest CU. However, Microsoft does not claim that an upgrade failure will not occur using this method.
But it’s still important to upgrade your Exchange Servers to the latest CU. The following steps would help you to complete the upgrade process successfully and possibly without encountering any error.
Step 1: Check Your Exchange Server Build
Check your current Exchange Server build before downloading the latest CU for the upgrade. For this, open Exchange Management Shell (EMS) and run the following command:
Get-ExchangeServer | Format-List Name,Edition,AdminDisplayVersion
This will display the current CU installed and running on your Exchange Server.
Note: If your organization is running Exchange Server 2010, consider setting up and migrating your organization from Exchange 2010 to the latest supported Exchange Server edition, such as Exchange 2013, 2016, or 2019.
Step 2: Download the Latest Exchange Server CU
Visit the Exchange Server build number and release dates page to download the latest Exchange Server 2013, 2016, or 2019 CU release for your server. You don’t need to download or install intermediate CU even if they are available. You can directly upgrade from any CU version to the latest version as CU is a full installation of Exchange, including all previously released security updates and features.
Before downloading the CU, choose the correct language from the Select Language dropdown.
If the downloaded CU is in .exe file format, you may follow the next step to install it. However, if the CU is an ISO file, right-click on the CU ISO file and choose Mount.
Step 3: Put the Exchange Server in Maintenance Mode
To put the Exchange Server in maintenance mode for CU upgrade, follow these steps:
- Set HubTransport Service to Drain State
For this, open Exchange Management Shell (EMS) and then execute the following command:
Set-ServerComponentState -Identity “ServerName” -Component HubTransport -State Draining -Requester Maintenance
- Put Server in Maintenance Mode
Set-ServerComponentState “ServerName” -Component ServerWideOffline -State Inactive -Requester Maintenance
- Verify Maintenance Mode
To check the server is switched to maintenance mode, run the following command in the EMS.
Get-ServerComponentState -Identity “ServerName”
The state for all components, except Monitoring and RecoveryActionEnabled, should be Inactive.
Step 4: Update Active Directory and Schema
Use /PrepareAD to prepare the Active Directory forest on your current Exchange Server. If required, you can also extend the schema using the /PrepareSchema command.
The steps are as follows:
- Launch Command Prompt (CMD) as administrator.
- Then execute the following command in CMD window to navigate to the location where .exe or ISO is mounted and then prepare the Active Directory for CU upgrade.
cd <PathToMountLocation or .EXE>
.\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAD /OrganizationName:”<Organization name>”
Run the following command in the same Command Prompt window to upgrade the schema.
.\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema
Once done, you can move to the next step.
Step 5: Install .NET Framework
The latest CU released for Exchange Server 2013, 2016, and 2019 requires .NET Framework 4.8. Download the .NET 4.8 framework and follow these steps to install it.
- Right-click on the .NET-4.8-framework.exe file and select Run as administrator.
- Once installed, reboot the server.
Step 6: Upgrade Exchange Server to Latest CU
To upgrade Exchange Server, right-click on the Setup.exe file and choose Run as administrator. Then follow the wizard to install the CU and upgrade the Exchange Server.
You may use unattended mode to install and upgrade your outdated Exchange Server to the latest CU. For this, open the elevated Command Prompt window and execute the following command:
.\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /m:upgrade
Step 7: Turn Off the Maintenance Mode
After the successful CU upgrade, reboot the server, re-import all your saved customizations, and then disable the maintenance mode by executing the following commands:
Set-ServerComponentState “ServerName” –Component ServerWideOffline –State Active –Requester Maintenance
Set HubTransport component to Active state.
Set-ServerComponentState “ServerName” –Component HubTransport –State Active –Requester Maintenance
To check whether the server is out of maintenance mode, run the following command.
Get-ServerComponentState –Identity “ServerName”
The ‘Active’ Component state indicates that the server is out of the maintenance mode. If you see some components in the Inactive state, you can use the following command to set them as Active.
Set-ServerComponentState “ServerName” –Component “ComponentName” –State Active –Requester Maintenance
Step 8: Reboot the Exchange Server
After installing and updating your Exchange Server to the latest CU, run the following command to verify:
Get-ExchangeServer | fl Name,Edition,AdminDisplayVersion
You may now download and install the latest Security Updates available for your Exchange Server version to patch the vulnerabilities and safeguard the server from threat actors.
If you encounter an error while or after upgrading to the latest CU or SU, refer to this Microsoft article. However, if the error isn’t fixed, the server fails to start, or the database gets damaged or corrupt during the CU upgrade or SU update process, use an Exchange recovery software, such as Stellar Repair for Exchange. Exchange Server Recovery software can recover mailboxes and restore them from your failed server to another live Exchange Server or Office 365 directly.
Conclusion
An outdated Exchange Server poses a great risk for any organization. It is an open invitation for threat actors to infiltrate and compromise the vulnerable Exchange server or network to steal confidential information or encrypt data for a ransom. So, keep the server updated with the latest security updates to stay safe and protect your servers from online threats and malicious attacks. However, you must upgrade your Exchange Server to the latest supported Cumulative Update to receive the latest security updates. By following the steps discussed in this guide, you can upgrade your outdated Exchange Server to the latest CU. However, the upgrade process may not be smooth and fail due to unforeseen reasons. Thus, it’s important to take a backup before beginning the upgrade process.
Founder Dinis Guarda
IntelligentHQ Your New Business Network.
IntelligentHQ is a Business network and an expert source for finance, capital markets and intelligence for thousands of global business professionals, startups, and companies.
We exist at the point of intersection between technology, social media, finance and innovation.
IntelligentHQ leverages innovation and scale of social digital technology, analytics, news and distribution to create an unparalleled, full digital medium and social business network spectrum.
IntelligentHQ is working hard, to become a trusted, and indispensable source of business news and analytics, within financial services and its associated supply chains and ecosystems.
