Exchange 2010 SP3 Rollup 7 install with Forefront on a 2 node DAG







Exchange 2010 SP3 Rollup 7 install with Forefront on a 2 node DAG

2 Exchange 2010 multi-role servers with ForeFront and EndPoint Protection for Exchange on a 2 node DAG

READ

Installing Update Rollups on Database Availability Group Members



How to use the Fscutility.exe program to disconnect the Forefront Security services from Exchange Server.

Program folder: C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server
http://support.microsoft.com/kb/929076


DOWNLOAD
Hotfix Microsoft Knowledge Base article 2550886


 

 
Update Rollup 7 for Microsoft Exchange Server 2010 Service Pack 3


 

#1. CHECK/UNINSTALL  HOTFIX

Check for non-Exchange supported Hotfix by running this command in a Window s Power Shell session: Get-hotfix KB2506143

If it is installed then uninstall the Hotfix and reboot. It seems that Windows Management Framework 3.0 is not supported on Exchange 2007 and 2010.


If KB2506143 is installed and you run the StartDagServerMaintenance script you may see an error.

#2. CHECK/INSTALL HOTFIX

Check for Exchange supported Hotfix by running this command in a Window s Power Shell session: Get-hotfix KB2550886. If not installed in Exchange Management Shell, right click and Run as Administrator. Change to the directory where the hotfix is located. Type .\Windows6.1-KB2550886-x64.msu. Hit enter. Restart server after installation.

 

#3. STOP THESE SEVICES IN ORDER:

  1. Microsoft Forefront Server Protection Controller (Will automatically stop #2 and #3)
  2. Microsoft Exchange Transport
  3. Microsoft Exchange Information Store
  4. SnapManager Service

#4. DISABLE REAL-TIME PROTECTION

If your server has Microsoft Forefront Endpoint Protection running got to the Real-time protection tab and uncheck “Turn on real-time protection”. If this is enabled then the Languages files will take many hours to install.

#5. DISABLE Forefront Protection
#1 - Start a Windows Powershell session by right click and selecting "Run as Administrator".
#2 - Type in cd  \ at the prompt to get to c:.
#3 - Type in cd "Program Files (x86)\Microsoft Forefront Protection for Exchange Server" (This is where the fscutility program is located)
#4 - Type in .\fscutility /disable
#5 - Hit ENTER

You should then see: "Status: Microsoft Forefront Server Security NOT Integrated". To make sure that the Forefront Security services are disconnected from the Exchange server, type .\Fscutility /status, and then press ENTER.


#6. RUN THE EXCHNAGE SCRIPTS

#1 - Right click the Exchange Management Shell and click “Run as Administrator” to start a session. Move to the Exchange scripts directory

#2 - Type in: cd “C:\Program Files\Microsoft\Exchange Server\V14\Scripts” and hit enter

#3 - Type in: .\StartDagServerMaintenance.ps1 <servername>

#4 – Close all Exchange management Console windows

What is does:
  1. All database copies are moved to another server in the DAG based on the selection of the next best copy.
  2. If the cluster core resources are owned on the node the resources are arbitrated to a different DAG member (thereby moving the Primary Active Manager functionality to another node).
  3. The DatabaseCopyAutoActivationPolicy property of the mailbox server is set to a value of BLOCKED thereby preventing the DAG member from receiving or activating database copies.
  4. The individual database copies hosted on the DAG member are activation suspended.
  5. The node is paused within the cluster service preventing the cluster core resources from arbitrating to the node (and thereby preventing the node from becoming the Primary Active Manager).

INSTALL SERVICE PACK3

In Windows Explorer, change to the directory where you downloaded Exchange Server 2010 Service Pack 3. Run setup.exe. PS – make sure all Power Shell applications are closed, Exchange and Windows. Restart server!



INSTALL UPDATE ROLLUP 7

In Exchange Management Shell, right click and chose “Run as Administrator”.  Change to the directory where you downloaded Update Rollup 7 for Exchange Server 2010 Service Pack 3.

Type in: .\Exchange2010-KB2961522-x64-en.msp. After install starts close the Exchange Management Shell window.


AFTER UPDATE FINISHES

#1 - Right click the Exchange Management Shell and click “Run as Administrator” to start a session. Move to the Exchange scripts directory.

#2 - Type in: cd “C:\Program Files\Microsoft\Exchange Server\V14\Scripts” and hit enter.

#3 - Type in: .\StopDagServerMaintenance.ps1  <ServerName>

#4 - Start the Exchange server services in the following order:

  1. Microsoft Exchange Information Store
  2. Microsoft Exchange Transport
  3. Microsoft Forefront Server Protection Controller
  4. SnapManager Service

CHECK/ENABLE FPE
#1 - Start a Windows Powershell seesion by right click and selecting "Run as Administrator".
#2 - Type in cd: \ at the prompt to get to c:.
#3 - Type in cd "Program Files (x86)\Microsoft Forefront Protection for Exchange Server" (This is where the fscutility program is located)
#4 - Type in .\fscutility /status. “Status:  Microsoft Forefront Protection currently integrated.”

#5 – If currently integrated you are done. If not run .\fscutility /enable
#6 - Hit ENTER. "Status: Microsoft Forefront Server Security successfully integrated!"

To make sure that the Forefront Security services are connected to the Exchange server, type Fscutility /status, and then press ENTER.


After all this is complete a final reboot is not necessary but I advise doing so to make sure all the services come up correctly!


Check for updates. Might as well since there are no DB's on the server yet.

Comments

Post a Comment

Popular posts from this blog

Exchange 2016 - Error adding mailbox databases copies to new DAG server

Image
Exchange 2016 Database Availability Group Error adding mailbox databases copies to new DAG server I have 2 existing Exchange 2016 servers that are part of a DAG with 5 databases. After adding a new Exchange 2016 server to the existing DAG then trying to “Add database copy” I received the below error. The seeding operation failed. Error: An error occurred while running prerequisite checks. Error: The specified database isn't configured for replication and therefore cannot be used to perform seed operations. [Database: 12345, Server: NewEamilServer.something.COM] The database list shows the new Exchange server listed under the “SERVER WITH COPIES” column. However, looking at the details on the right-hand pane tells a different story. Passive Unknown Copy queue length: 0 Content index state: Unknown Clicking on the “View details” link shows us other errors. Error Message: “The database file wasn't found after log replay. The cop
Read more

Configure Message Delivery Restrictions on a resource mailbox in Exchange 2016

We just recently migrated from Exchange 2010 to 2016. In addition to our user mailboxes we also migrated a couple dozen conference room mailboxes or resource mailboxes as they are referred to in Exchange 2016. All our conference rooms are set to auto booking for everyone except on a particular conference room that is reserved for the executives. Only the executives and their administrative assistants are allowed to book meetings to this conference room. To limit the other employees for booking the executive conference room I used the Message Delivery Restrictions, Accept Messages From, Only Senders in the Following List option in Exchange 2010. I have eight people in the list. Since our move to Exchange 2016 we have had one executive leave the company, one executive admin leave the company, and one admin change responsibilities to cover for the one admin that left. I needed to make the changes to the Only Senders in the Following List option for the executive conference ro
Read more
Image
 MICROSOFT TEAMS TELEPHONY Configure Microsoft Teams users for Enterprise Voice   Basic Steps   #1 Does user have Office 365 user account #2 Check Microsoft Phone License is assigned #3 Get User Password Permission #4 Add user to Azure AD group #5 Get-CsOnlineUser -Identity "username@domainname.com" | fl RegistrarPool,OnPremLineUriManuallySet,OnPremLineUri,LineUri #6 Set-CsUser -Identity  "username@domainname.com"  -EnterpriseVoiceEnabled $False -HostedVoiceMail $False #7 Set-CsUser -Identity  "username@domainname.com"  -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI tel:+15555555555 #8 Grant-CsOnlineVoiceRoutingPolicy -Identity  "username@domainname.com"  -PolicyName "VoiceRouteName" #9 Grant-CsTenantDialPlan -Identity  "username@domainname.com"  -PolicyName "DialPlanName" !!! -Huge  cavoite  here. Each user that you intend to enable for enterprise voice must have the appropriate licensing. If th
Read more