Patching Time – Part 1 / 3

There are a number of steps to take when patching.

  1. Copy the patch from Microsoft to the local server if it is not managed by WSUS.
  2. Verify the server does not have HIPS running, or at the very least that the HIPS has an exception for the server in question. See your local security guru to find out which, if you don’t know already.
  3. After HIPS is no longer an issue, it’s a good time to verify there are no pending reboots in place already.
    1. Open the Registry and browse to HKLM\System\CurrentControlSet\Control\Session Manager
    2. Look for “PendingFileRename” in the list of entries. If you see it, delete it. (Don’t forget to back up your registry first.)
  4. Once you verify this, find your patch on the server you intend to patch.
    1. If it is an ISO file, like Exchange2019-CU6.ISO, locate the file, right-click it, and click Mount.
    2. If it is an exe or other type, see step 5.
  5. The server now needs to be placed in Maintenance Mode.
    1. Open the Exchange Admin Console (PowerShell) and run a script with the following commands in it. This is good for Exchange 2013-2019.


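###Placeholders: set these to the server being patched and the server taking over its load###

$source = "<server-being-patched>"
$target = "<server-taking-over>"

###Moves the Active Mailbox Databases off the server being patched###

Move-ActiveMailboxDatabase -Server $source -ActivateOnServer $target | Out-Null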

###Sets the server Component State to allow the queues to drain so mail doesn’t get stuck, then places in maintenance mode###

Set-ServerComponentState $source -Component HubTransport -State Draining -Requester Maintenance | out-null
Set-ServerComponentState $source -Component ServerWideOffline -State Inactive -Requester Maintenance | out-null

###These two services must be reset after setting the component state.###

Get-Service -ComputerName $source | Restart-Service -Confirm:$true -Include msexchangetransport, msexchangefrontendtransport

###Redirect the queued messages to the target server###

Redirect-Message -Server $source -Target $target | out-null
Suspend-ClusterNode $source | out-null
Set-MailboxServer $source -DatabaseCopyActivationDisabledAndMoveNow $True | out-null
Set-MailboxServer $source -DatabaseCopyAutoActivationPolicy Blocked | out-null

###Verify the server properly set DatabaseCopyAutoActivationPolicy & DatabaseCopyActivationDisabledAndMoveNow correctly###

Get-MailboxServer $source | select DatabaseCopyAutoActivationPolicy, DatabaseCopyActivationDisabledAndMoveNow
Get-ExchangeServer | % { get-mailboxdatabasecopystatus -server $_.fqdn }
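
The two Get- commands above only print values for you to read. As an added example (not part of the original script), the block below turns those checks into a gate that stops before Setup if the server is not fully in maintenance mode. It assumes the Exchange Management Shell with the FailoverClusters module available, a DAG member, and a placeholder server name.

```powershell
# Added example: confirm maintenance mode actually took effect before running Setup.
# $source is a placeholder; use the same short server name as in the script above.
$source   = '<server-being-patched>'
$problems = @()

# With ServerWideOffline set to Inactive, every component except Monitoring and
# RecoveryActionsEnabled should report Inactive.
$stillActive = Get-ServerComponentState -Identity $source | Where-Object {
    $_.Component -notin 'Monitoring', 'RecoveryActionsEnabled' -and "$($_.State)" -ne 'Inactive'
}
foreach ($c in $stillActive) { $problems += "Component $($c.Component) is $($c.State)" }

# The two activation settings the script above changes.
$mbx = Get-MailboxServer -Identity $source
if ("$($mbx.DatabaseCopyAutoActivationPolicy)" -ne 'Blocked') {
    $problems += "DatabaseCopyAutoActivationPolicy is $($mbx.DatabaseCopyAutoActivationPolicy)"
}
if (-not $mbx.DatabaseCopyActivationDisabledAndMoveNow) {
    $problems += 'DatabaseCopyActivationDisabledAndMoveNow is not True'
}

# No database copy should still be mounted (active) on the server being patched.
$mounted = Get-MailboxDatabaseCopyStatus -Server $source |
    Where-Object { "$($_.Status)" -eq 'Mounted' }
foreach ($db in $mounted) { $problems += "Database copy $($db.Name) is still mounted" }

# Transport queues should be drained; poison and shadow redundancy queues are ignored.
$queued = Get-Queue -Server $source | Where-Object {
    $_.MessageCount -gt 0 -and
    "$($_.Identity)" -notlike '*\Poison' -and
    "$($_.DeliveryType)" -ne 'ShadowRedundancy'
}
foreach ($q in $queued) { $problems += "Queue $($q.Identity) holds $($q.MessageCount) message(s)" }

# Suspend-ClusterNode should have left the node paused.
$node = Get-ClusterNode -Name $source
if ("$($node.State)" -ne 'Paused') { $problems += "Cluster node state is $($node.State)" }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "$source is not fully in maintenance mode; resolve the warnings before patching."
}
Write-Output "$source passed all maintenance mode checks."
```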

  1. Finally, you can close PowerShell and open the command prompt (Admin).
  2. For the ISO file you mounted, browse to the CD-ROM drive, “d:”.
  3. Type “Setup /IAcceptExchangeServerLicenseTerms /M:Upgrade” (if upgrading) or “/M:Install” (if new – then add /R:Mailbox or /R:EdgeTransport).
  4. For other types of files, navigate to “C:” and follow the page below.