In this article, will discuss best practice to install or apply Cumulative Update for Exchange Server.
This is what I advise to client or teams who manages Exchange patching.
Before installing any cumulative updates on your Exchange servers, you should first:
Download the cumulative update from Microsoft.
Must have working backups of your Active Directory.
Must have working backups of your Exchange servers and databases.
Ensure that your Exchange SSL certificates have not expired.
Always keep your servers as up to date as possible.
Always install the latest Cumulative Update when creating a new server.
Apply Exchange Cumulative Updates
1) Apply n-1 CU. Don’t apply MS CU immediately wait for atleast a month and search internet for any issue.
2) Before deciding CU deployment, i will tell my team to google out CUX Issues after installation. Do your complete homework, if any issue found don’t install the CU.
3) If no major bug reported by public forums, next step is to test latest CU in test environment first. Test everything with test users and make sure everything is functioning as expected. Test environment should be a replica for your production. Atleast 25% identical to production.
4) Document all lesson learnt in the test environment like any error etc.
5) If any error seen in the test, raise Microsoft case and then fix that issue. Document the resolution.
6) Now plan for the production environment. Raise the necessary changes. Better to perform during weekend. Also, open an advisory case with MS in advance, in case you face any challenge, you can avoid wait time.
7) Now comes real change window. First take full backup. Take all screenshot, especially, if you have done any customization in IIS etc.
8) Copy BIN folder to safe location.
9) Next stop all Antivirus on your Exchange server or servers.
10) Next run windows update and make sure all windows updates are completed.
11) Perform a clean reboot.
12) Login to the server with proper credentials, which has rights to perform CU update. 99% admin stuck here only, they start the CU updates without proper rights and corrupts the Exchange server.
13) Avoid giving Exchange server CU updates to any newbie or inexperienced admin.
14) Before starting the CU update. Check all Logs and services are running fine. DC is reachable etc.
15) Make sure Antivirus or any 3rd party tool, which hooks into your Exchange server is stopped.
16) Now you can start the CU update, after update restart the Exchange server.
17) Login to Exchange server, check all services, logs etc.
18) Test all Exchange related functionality. What you have documented during test CU update
Note: For DAG servers only you need to put server in maintenance mode, standalone not required. And no need to rerun HCW.
Hope this helps!