Patching Exchange 2010 Servers

 

I Often get questions around how best to install Exchange updates or service packs. This Blog Post attempts to answer that Question.

To start with, I recommend having a Patch management Policy. A Good Patch management policy document should have the following listed:

 

1. How often should the updates / service pack be installed. ( e.g. Service Pack - once every quarter / critical updates - ASAP)

 

2. Applications which would possibly have a dependency on the Patch / Service pack. ( BB, Backup, antivirus , archiving, other 3^rd party products ).

These 3^rd party products should be tested for any dependencies on the Update / Service pack.

 

3. Sequence of server roles to install the Patches on.

Internet facing servers / sites should patched first

Non-internet facing should be after all internet facing sites are updated.

 

4. AV should be disabled for the time of installation.

 

5. StartDagServerMaintenance.ps1 before install & StopDagServerMaintenance.ps1 after success to disable replication & re-enable it after SP installation is complete

Additional Reading : https://technet.microsoft.com/en-us/library/bb629560.aspx

 

6. The Servers must be re-started if the installation of an update / Service pack prompts for a restart.

 

7. Tests which need to performed to validate services are up & running as expected.

 

8. Tests which need to be performed to validate the Updates / Service Pack is installed correctly.