Exchange 2010 Rollup 8 installation - With Forefront and 2 node DAG




Exchange 2010 SP2 Rollup 8 install with Forefront on a 2 node DAG

Environment: Exchange 2010 multi-role server with ForeFront Protection for Exchange on a 2 node DAG

READ

Installing Update Rollups on Database Availability Group Members

http://technet.microsoft.com/en-us/library/ee861125(v=exchg.141).aspx


How to use the Fscutility.exe program to disconnect the Forefront Security services from Exchange Server or from SharePoint Portal Server

Program folder:
C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server
http://support.microsoft.com/kb/929076

DOWNLOAD
Rollup 8 for Exchange Server 2010 Service Pack 2 (KB2661854)
http://www.microsoft.com/en-us/download/details.aspx?id=41394

 
Exchange 2010 Hotfix problem
Check for non-Exchange supported Hotfix by running this command in a Window s Power Shell session: Get-hotfix KB2506143

If it is installed then uninstall the Hotfix and reboot. It seems that Windows Management Framework 3.0 is not supported on Exchange 2007 and 2010.

http://blogs.technet.com/b/exchange/archive/2012/12/14/windows-management-framework-3-0-on-exchange-2007-and-exchange-2010.aspx

If KB2506143 is installed and you run the StartDagServerMaintenance script you may see an error.
Preparations

Stop these Exchange server services in the following order:

  1. Microsoft Forefront Server Protection Controller (Will automatically stop #2 and #3)
  2. Microsoft Exchange Transport
  3. Microsoft Exchange Information Store
  4. SnapManager Service

DISABLE Forefront Protection
#1 - Start a Windows Powershell seesion by right click and selecting "Run as Administrator".
#2 - Type in cd  \ at the prompt to get to c:.
#3 - Type in cd "Program Files (x86)\Microsoft Forefront Protection for Exchange Server" (This is where the fscutility program is located)
#4 - Type in .\fscutility /disable
#5 - Hit ENTER

You should then see: "Status: Microsoft Forefront Server Security NOT Integrated"

To make sure that the Forefront Security services are disconnected from the Exchange server, type .\Fscutility /status, and then press ENTER.


RUN THE EXCHNAGE SRIPTS

#1 - Right click the Exchange Management Shell and click “Run as Administrator” to start a session. Move to the Exchange scripts directory.

#2 - Type in: cd “C:\Program Files\Microsoft\Exchange Server\V14\Scripts” and hit enter.

#3 - Type in: .\StartDagServerMaintenance.ps1 –serverName <serverName>

What is does:

1.     All database copies are moved to another server in the DAG based on the selection of the next best copy.

2.     If the cluster core resources are owned on the node the resources are arbitrated to a different DAG member (thereby moving the Primary Active Manager functionality to another node).

3.     The DatabaseCopyAutoActivationPolicy property of the mailbox server is set to a value of BLOCKED thereby preventing the DAG member from receiving or activating database copies.

4.     The individual database copies hosted on the DAG member are activation suspended.

5.     The node is paused within the cluster service preventing the cluster core resources from arbitrating to the node (and thereby preventing the node from becoming the Primary Active Manager).

INSTALL UPDATE

In Exchange Management Shell, change to the directory where you downloaded Update Rollup 8 for Exchange Server 2010 Service Pack 2 (KB2903903).


Type in: .\Exchange2010-KB2903903-x64-en.msp


AFTER UPDATE FINISHES

#1 - Right click the Exchange Management Shell and click “Run as Administrator” to start a session. Move to the Exchange scripts directory.

#2 - Type in: cd “C:\Program Files\Microsoft\Exchange Server\V14\Scripts” and hit enter.

#3 - Type in: .\StopDagServerMaintenance.ps1  <ServerName>


#4 - Start the Exchange server services in the following order:

  1. Microsoft Exchange Information Store
  2. Microsoft Exchange Transport
  3. Microsoft Forefront Server Protection Controller
  4. SnapManager Service

CHECK/ENABLE FPE
#1 - Start a Windows Powershell seesion by right click and selecting "Run as Administrator".
#2 - Type in cd: \ at the prompt to get to c:.
#3 - Type in cd "Program Files (x86)\Microsoft Forefront Protection for Exchange Server" (This is where the fscutility program is located)
#4 - Type in .\fscutility /status

#5 – If enable you are done. If not run .\fscutility /enable
#6 - Hit ENTER

You should then see: "Status: Microsoft Forefront Server Security successfully  integrated!"

To make sure that the Forefront Security services are connected to the Exchange server, type Fscutility /status, and then press ENTER.

After all this is complete a final reboot is not necessary but I advise doing so to make sure all the services come up correctly!
 

Comments

Post a Comment

Popular posts from this blog

Exchange 2016 - Error adding mailbox databases copies to new DAG server

Image
Exchange 2016 Database Availability Group Error adding mailbox databases copies to new DAG server I have 2 existing Exchange 2016 servers that are part of a DAG with 5 databases. After adding a new Exchange 2016 server to the existing DAG then trying to “Add database copy” I received the below error. The seeding operation failed. Error: An error occurred while running prerequisite checks. Error: The specified database isn't configured for replication and therefore cannot be used to perform seed operations. [Database: 12345, Server: NewEamilServer.something.COM] The database list shows the new Exchange server listed under the “SERVER WITH COPIES” column. However, looking at the details on the right-hand pane tells a different story. Passive Unknown Copy queue length: 0 Content index state: Unknown Clicking on the “View details” link shows us other errors. Error Message: “The database file wasn't found after log replay. The cop
Read more

Configure Message Delivery Restrictions on a resource mailbox in Exchange 2016

We just recently migrated from Exchange 2010 to 2016. In addition to our user mailboxes we also migrated a couple dozen conference room mailboxes or resource mailboxes as they are referred to in Exchange 2016. All our conference rooms are set to auto booking for everyone except on a particular conference room that is reserved for the executives. Only the executives and their administrative assistants are allowed to book meetings to this conference room. To limit the other employees for booking the executive conference room I used the Message Delivery Restrictions, Accept Messages From, Only Senders in the Following List option in Exchange 2010. I have eight people in the list. Since our move to Exchange 2016 we have had one executive leave the company, one executive admin leave the company, and one admin change responsibilities to cover for the one admin that left. I needed to make the changes to the Only Senders in the Following List option for the executive conference ro
Read more
Image
 MICROSOFT TEAMS TELEPHONY Configure Microsoft Teams users for Enterprise Voice   Basic Steps   #1 Does user have Office 365 user account #2 Check Microsoft Phone License is assigned #3 Get User Password Permission #4 Add user to Azure AD group #5 Get-CsOnlineUser -Identity "username@domainname.com" | fl RegistrarPool,OnPremLineUriManuallySet,OnPremLineUri,LineUri #6 Set-CsUser -Identity  "username@domainname.com"  -EnterpriseVoiceEnabled $False -HostedVoiceMail $False #7 Set-CsUser -Identity  "username@domainname.com"  -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI tel:+15555555555 #8 Grant-CsOnlineVoiceRoutingPolicy -Identity  "username@domainname.com"  -PolicyName "VoiceRouteName" #9 Grant-CsTenantDialPlan -Identity  "username@domainname.com"  -PolicyName "DialPlanName" !!! -Huge  cavoite  here. Each user that you intend to enable for enterprise voice must have the appropriate licensing. If th
Read more