Install the Latest Update Rollup for Exchange 2010
[This topic is in progress.]
This topic describes how to deploy the latest update rollup for Microsoft Exchange Server 2010. Service packs and update rollups are part of the servicing strategy for Exchange 2010. They provide an effective and easy-to-use method to distribute Exchange 2010 fixes and Exchange 2010 modifications. We recommend that you install the latest service pack and update rollup to keep the product up to date.
Planning to Deploy the Latest Update Rollup
Before you install an Exchange 2010 update rollup, we recommend that you review the Exchange 2010 Servicing topic. This topic contains more information about the updates that are included in an update rollup, and the methodology behind the Exchange update process.
Applying update rollups to Mailbox servers that are part of a database availability group (DAG) requires specific planning and application steps. For more information about how to apply update rollups to Exchange 2010 DAG member servers, see Applying Exchange 2010 Update Rollups to Database Availability Group Members.
You can use the following list as a pre-deployment checklist to help you deploy an Exchange 2010 update rollup:
- Determine which update rollup packages are installed on the computer Installed update rollup packages appear in the Programs and Features dialog box in Control Panel. To see the list of installed updates, you must click View installed updates. Update rollup packages appear as "Update Rollup N for Exchange Server 2010 KBNNNNNN." You can use this information to help determine whether any update rollup packages are installed on the computer.
- Determine whether any interim updates are installed on the computer The Exchange 2010 servicing strategy allows for out-of-band fixes for certain Exchange issues. These fixes are known as interim updates. The issue or issues that an interim update resolves may be fixed in a later update rollup package. Before you install an update rollup package, you must remove any interim updates from the computer. Interim updates appear in the Programs and Features dialog box in Control Panel. These updates appear as "Interim Update for Exchange Server 2010 KBNNNNNN."
Note
You can remove the interim updates on a per-computer basis. You do not have to remove all the interim updates from all the computers in the organization before you install an update rollup.
- Locate addressed interim updates Examine any interim updates to determine whether they are addressed in the update rollup that you plan to install. To do this, examine the Microsoft Knowledge Base article that corresponds to the interim update. If the Knowledge Base article mentions that the issue is resolved in the update rollup package that you plan to install or in an earlier update rollup package, you can remove the interim update and then install the update rollup without the risk of experiencing the particular issue that the interim update resolves. In this scenario, you do not have to obtain a replacement interim update. If the Knowledge Base article does not mention that the issue is resolved in the update rollup package that you plan to install, you must obtain a replacement interim update from Microsoft Customer Support Services (CSS). In this scenario, you must remove the interim update, install the particular update rollup package, and then install an interim update that is appropriate for the update rollup level of the computer.
Important
Interim updates are created for a particular Exchange build. Therefore, an interim update that is suitable for Exchange 2010 Update Rollup 1 is not suitable for Exchange 2010 Update Rollup 2. You must contact CSS to obtain an interim update that is appropriate for the particular Exchange build that you are running. If the issue that the interim update resolves is fixed in the particular update rollup that you install, you do not have to obtain and install a replacement interim update.
- Obtain the latest update rollup package To obtain the latest update rollup package that is available for Exchange Server 2010 system, see Obtain the Latest Update Rollup for Exchange 2010. We strongly recommend that you install the latest update rollup package that is available. This step makes sure that you benefit from the latest fixes for Exchange 2010.
Important Considerations
The following sections contain important items to consider before you deploy an update rollup package in an organization.
When you install an update rollup package, Exchange tries to connect to the certificate revocation list (CRL) Web site. If Exchange cannot connect to the CRL Web site, you may experience the following symptoms:
- The installation takes a long time to complete
- You receive the following message during the installation: Creating native images for .Net assemblies
This issue occurs because Exchange tries to examine the CRL to verify the code signing certificate each time that Exchange compiles an assembly into managed code. When Exchange is not connected to the Internet, each CRL request must time out before the installation can continue.
To work around this issue and to reduce installation times, turn off the Check for publisher’s certificate revocation option on the server that is being upgraded.
Turn off the check for Publisher's Certificate Revocation Option
- Start Internet Explorer.
- On the Tools menu, click Internet Options.
- Click the Advanced tab, and then locate the Security section.
- Click to clear the Check for publisher’s certificate revocation check box, and then click OK.
- After the update rollup installation is complete, turn on the Check for publisher’s certificate revocation option.
Note
The Check for publisher's certificate revocation option is set on a per-account basis
For more information, see Generating NGEN images takes longer than expected.
Outlook Web App Customizations
When you apply an update rollup package, the update process may update the Logon.aspx file. If you have modified the Logon.aspx file, the file cannot be updated successfully. Therefore, Microsoft Office Outlook Web App may not be updated correctly. In this scenario, after the update process is finished, Outlook Web App may display a blank page.
To work around this issue, rename the Logon.aspx file before you apply the update rollup, and then, after you apply the update, re-create the Outlook Web App customizations in the Logon.aspx file.
We recommend that you make a backup copy of any customized Outlook Web App files before you apply an update rollup. For more information about Outlook Web App customization details, see Customize the Outlook Web App Sign-In and Sign-Out Pages.
Client Access Server - Client Access Server Proxying
If you have deployed CAS-CAS proxying, you must apply the update rollup to the Internet-facing Client Access servers before you apply the update rollup to non-Internet-facing Client Access servers. For other Exchange 2010 configurations, the order in which you apply the update rollup to the servers is not important.
For more information about CAS-CAS proxying, see Understanding Proxying and Redirection.
General Backup Recommendations
We strongly recommend that you create the following backups before you install an update rollup package:
- A full backup of all Exchange databases on the server
- A system state backup of the server
Exchange and Internet Services Considerations
When you install an update rollup, the Setup program automatically stops the appropriate Exchange services and Internet Information Services (IIS)-related services. Therefore, during the installation process, the server may be unable to service user requests. We recommend that you install an update rollup during a period of scheduled maintenance or during a period of low business impact.
Prerequisites
Verify that your account has the appropriate permissions to install an update rollup. When you install an update rollup, the account that you use must be a member of the Local Administrators group and have permission to read Active Directory on the Exchange object. The account must also have server-level permissions. This is because the update program must determine which server roles are installed on the server. If the account does not have the required permissions, your servers will not be successfully updated.
Applying the Update Rollup
You should apply update rollup packages to each Exchange 2010-based server in an environment. The update packages are not separated according to different Exchange server roles or for particular file configurations. Instead, the appropriate update rollup package should be applied to each Exchange 2010 server.
Unless you are running CAS-CAS proxying in your environment, the order in which you apply an update rollup package to servers is not important. However, we recommend that you apply update rollup packages to servers that are running the Client Access server role first. Then, apply the update rollup package to servers that are running the other Exchange server roles.
Install the Updated Rollup
- Ensure that you have downloaded the appropriate rollup to a local drive on your Exchange servers, or on a remote network share. To obtain the latest rollup, see Obtain the Latest Update Rollup for Exchange 2010.
- Run the Windows Installer *.msp Setup file that you downloaded in the previous step.
Note
If you use Microsoft Update to install an update rollup package or if you install an update rollup package in silent mode, certain Exchange services may be disabled. This issue occurs if the update rollup package must update a file that is being used.
Post-install Tasks
When the installation is finished, complete the following tasks:
- Start the Services MMC snap-in, and then verify that all the Exchange-related services are started successfully.
- Log on to Outlook Web App to verify that this Web application is running correctly.
- Restore Outlook Web App customizations, and then retest Outlook Web App for correct functionality.
Remove Updated Rollup
- Click Start, and then click Control Panel.
- Select Installed Updates, and then click Uninstall.