KP-5386 asked KP-5386 answered

Update Exchange 2016 CU2 to CU19

I have recently inherited Server 2012 running Exchange 2016 on CU2. I will be updating it to CU19 and applying the emergency patch put out by Microsoft. I am trying to locate the easiest way to back up Exchange or Internet Information Server (IIS) settings. I will be following this write-up. Any other pointers are helpful. https://docs.microsoft.com/en-us/exchange/plan-and-deploy/install-cumulative-updates?view=exchserver-2019

office-exchange-server-administration
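For the settings backup asked about above, one way to snapshot IIS and Exchange configuration before running the CU, as an added example that is not part of the original thread. It assumes an elevated Exchange Management Shell on the Exchange server itself; `$BackupRoot` is a hypothetical destination folder.

```powershell
# Added example (not from the thread). Run in an elevated Exchange Management
# Shell on the Exchange 2016 server before starting the CU setup.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$BackupRoot = "C:\ExchangeSettingsBackup\$stamp"   # hypothetical destination
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# 1. IIS: snapshot applicationHost.config and related files. The copy lands in
#    %windir%\System32\inetsrv\backup\<name> and can be restored with
#    Restore-WebConfiguration -Name <name>.
Import-Module WebAdministration
Backup-WebConfiguration -Name "PreCU-$stamp" | Out-Null

# 2. Exchange: export the settings most often customized, as CliXml for later
#    comparison (these files are a reference, not something setup can import).
$server  = $env:COMPUTERNAME
$exports = [ordered]@{
    OwaVirtualDirectory         = { Get-OwaVirtualDirectory -Server $server }
    EcpVirtualDirectory         = { Get-EcpVirtualDirectory -Server $server }
    WebServicesVirtualDirectory = { Get-WebServicesVirtualDirectory -Server $server }
    ActiveSyncVirtualDirectory  = { Get-ActiveSyncVirtualDirectory -Server $server }
    OabVirtualDirectory         = { Get-OabVirtualDirectory -Server $server }
    MapiVirtualDirectory        = { Get-MapiVirtualDirectory -Server $server }
    OutlookAnywhere             = { Get-OutlookAnywhere -Server $server }
    ClientAccessService         = { Get-ClientAccessService -Identity $server }
    ReceiveConnector            = { Get-ReceiveConnector -Server $server }
    SendConnector               = { Get-SendConnector }
    ExchangeCertificate         = { Get-ExchangeCertificate -Server $server }
}
foreach ($name in $exports.Keys) {
    & $exports[$name] | Export-Clixml -Path (Join-Path $BackupRoot "$name.xml")
}

# 3. Copy web.config and *.exe.config files from the Exchange install tree,
#    keeping the relative path so each file can be diffed after the CU.
$exRoot = $env:ExchangeInstallPath.TrimEnd('\')
Get-ChildItem -Path $exRoot -Recurse -File -Include 'web.config', '*.exe.config' |
    ForEach-Object {
        $target = Join-Path $BackupRoot ('config' + $_.FullName.Substring($exRoot.Length))
        New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null
        Copy-Item -LiteralPath $_.FullName -Destination $target
    }

Write-Output "Settings exported to $BackupRoot; IIS backup name: PreCU-$stamp"
```

After the CU, re-run the same `Get-*` cmdlets and compare against the exported files with `Import-Clixml` and `Compare-Object` to spot settings that setup reset.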

AndyDavid answered KaelYao-MSFT edited

Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2016

Install .NET 4.8
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework

Run each step separately:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains




Then install CU19:
CU19:
https://www.microsoft.com/en-us/download/details.aspx?id=102532
Then install the security patch:

Critical Patch:
https://www.microsoft.com/en-us/download/details.aspx?id=102772


As for the "settings" backups, unless you made a custom change and documented it, you aren't really going to know what to back up.
The reality is that you are so far behind and this exploit is so dangerous, you need to upgrade now and apply the patch immediately and not worry about any customization. If any customizing was done, you'll probably realize it later and you can set whatever you need.

Once you are patched, you need to investigate to see if your server has been compromised and scan your server for known exploits:

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Microsoft Support Emergency Response Tool (MSERT) to scan Microsoft Exchange Server

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

If you find no evidence of actual compromise, then you are probably ok, but look to getting a quality anti-malware solution for Exchange for ongoing protection.

If any of your security detections or the investigation tools results lead you to suspect that your Exchange servers have been compromised and an attacker has actively engaged in your environment, execute your Security Incident Response plans, and consider engaging experienced Incident Response assistance. It is particularly critical if you suspect that your Exchange environment is compromised by a persistent adversary that you coordinate your response using alternative communications channels as mentioned earlier in this document.



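The answer's preconditions (elevated prompt, .NET 4.8, a reboot between steps, and the AD group membership the linked prepare-AD article requires) can be checked before each `Setup.exe` run. The following is an added example, not part of the original answer; the function names are hypothetical and the checks are read-only.

```powershell
# Added example (not from the thread). Read-only checks; changes nothing.
function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-DotNet48 {
    # Microsoft documents Release >= 528040 as .NET Framework 4.8 or later.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $rel = (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    [int]$rel -ge 528040
}

function Test-PendingReboot {
    # Common Windows markers for an outstanding restart.
    $markers = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $renames = (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations `
                    -ErrorAction SilentlyContinue).PendingFileRenameOperations
    [bool](($markers | Where-Object { Test-Path $_ }) -or $renames)
}

function Test-GroupMember([string]$GroupName) {
    # /PrepareSchema needs Schema Admins and Enterprise Admins;
    # /PrepareAD needs Enterprise Admins.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    [bool]($groups | Where-Object { $_.'Group Name' -like "*\$GroupName" })
}

[pscustomobject]@{
    Elevated         = Test-Elevated
    DotNet48OrLater  = Test-DotNet48
    PendingReboot    = Test-PendingReboot
    SchemaAdmins     = Test-GroupMember 'Schema Admins'
    EnterpriseAdmins = Test-GroupMember 'Enterprise Admins'
}
```

`PendingFileRenameOperations` can be populated by software unrelated to the update, so treat a `True` for `PendingReboot` as a reason to reboot once more rather than as an error.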

Thank you for this information! Great!
On another topic, we have inherited an Exchange 2016 environment. There's an old dead Exchange 2010 server showing up in the Exchange 2016 console. It doesn't appear to be doing anything at all. Databases are offline, no connectors, no email flow in the logs. It is not part of a DAG.
From what we gather, this server was just "turned off" and no longer physically exists. All services and databases are on Exchange 2016 servers and running fine. Would it be appropriate to use the ADSIEdit process for extracting the old Exchange server objects? Do you see any potential problems?
Thank you again.


Well, using ADSIEDIT is not supported to remove it.
If it's still in AD under the Exchange config configuration, the only supported method is to do a disasterrecovery switch option and install it back.
Once re-installed, then run setup add/remove programs and uninstall Exchange gracefully.

https://docs.microsoft.com/en-us/exchange/high-availability/disaster-recovery/recover-exchange-servers?view=exchserver-2019

Once you are done taking care of the patching and checking for exploits on the 2016 server, you can circle back and take care of the 2010 server of course :)


Hi, @KP-5386

Agree with Andy. Although using ADSIEdit to remove a lost Exchange server is often mentioned, it is not a method supported by Microsoft and can cause irreparable damage to your Exchange organization and Active Directory.


If you have to use ADSIEdit, please make sure to take a full backup of your Active Directory.


KP-5386 answered

@AndyDavid

Thank you so much for the direction. The update worked perfectly without any errors.

Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2016

Install .NET 4.8
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework

Run each step separately:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains




Then install CU19:
CU19:
https://www.microsoft.com/en-us/download/details.aspx?id=102532
Then install the security patch:

Critical Patch:
https://www.microsoft.com/en-us/download/details.aspx?id=102772
