question

SKB-9296 avatar image
0 Votes"
SKB-9296 asked ZhengqiLou-MSFT commented

Exchange 2016 CU 21 Setup Failed

I am installing CU 21 on Exchange 2016. We have one exchange server having all the roles in one box. I followed all the steps explained at https://www.alitajran.com/install-cumulative-update-exchange-2016/. The upgrade processed failed. Now I dont know what to do. Shall I reboot the server and try again?

Exchange Current CU is 16. It is already using .NET 4.8.
I am using administrator account which is a member of Schema Admins and Enterprise Admins.
I put the server in maintenance mode,PrepareSchema,PrepareAD,PrepareAllDomains and started the upgrade.
I got the following error during Language configuration was at 16% completion.

"An unexpected error has occurred and a Watson dump is being generated: Call cancelled
Call cancelled
The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the
<SystemDrive>:\ExchangeSetupLogs folder."

There is no meaningful information in ExchangeSetupLog:
[09/23/2021 14:56:11.0016] [1] Setup has started to update MFL files.
[09/23/2021 17:03:06.0851] [1] Setup has finished updating MFL files.
[09/23/2021 17:03:06.0952] [1] [ERROR] Call cancelled
[09/23/2021 17:03:06.0953] [1] [WARNING] An unexpected error has occurred and a Watson dump is being generated: Call cancelled
[09/23/2021 17:03:14.0203] [1] [ERROR] Call cancelled
[09/23/2021 17:03:14.0203] [1] [ERROR] Call cancelled
[09/23/2021 17:03:14.0271] [0] [ERROR] Exception has been thrown by the target of an invocation.
[09/23/2021 17:03:14.0318] [0] [ERROR] Call cancelled
[09/23/2021 17:03:14.0318] [0] [ERROR] Call cancelled
[09/23/2021 17:03:14.0318] [0] CurrentResult SetupLauncherHelper.loadassembly:444: 1
[09/23/2021 17:03:14.0320] [0] The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
[09/23/2021 17:03:14.0323] [0] CurrentResult main.run:235: 1
[09/23/2021 17:03:14.0324] [0] CurrentResult setupbase.maincore:396: 1
[09/23/2021 17:03:14.0325] [0] End of Setup



Following is the log in ExchangeSetupWatson:
[09/23/2021 14:55:41.0637] [1] Finished updating performance counter strings
[09/23/2021 14:56:11.0016] [1] Setup has started to update MFL files.
[09/23/2021 17:03:06.0851] [1] Setup has finished updating MFL files.
[09/23/2021 17:03:06.0952] [1] [ERROR] Call cancelled
[09/23/2021 17:03:06.0953] [1] [WARNING] An unexpected error has occurred and a Watson dump is being generated: Call cancelled


There is no entry in the Server Event Log.





I used the following commands for the upgrade process:

STOP ACCEPTING EMAILS

Set-ServerComponentState -Identity "EMAILSRVR" -Component HubTransport -State Draining -Requester Maintenance

SERVER MAINTENANCE MODE

Set-ServerComponentState -Identity "EMAILSRVR" -Component ServerWideOffline -State Inactive -Requester Maintenance

CHECK SERVER STATUS

Get-MailboxDatabaseCopyStatus -Server "EMAILSRVR" | Where {$_.Status -eq "Mounted"}
Get-ServerComponentState "EMAILSRVR" | Select Component, State



PREPARE SCHEMA

D:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema

PREPARE AD

D:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD

PREPARE AD DOMAINS

D:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

INSTALL CU 21


D:\Setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Upgrade

office-exchange-server-administration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZhengqiLou-MSFT avatar image
0 Votes"
ZhengqiLou-MSFT answered

Hi @SKB-9296 ,

I checked the cmdlets above, they are good. Did you restart the server after put it into maintance mode?
And you could restart it now and use the SetupWizard(Setup.exe) to install the CU. See if that gives us some special information.

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SKB-9296 avatar image
0 Votes"
SKB-9296 answered ZhengqiLou-MSFT commented

I did not restart the server after putting it in the maintenance mode.

After the failed upgrade attempt, I restarted the server and started the CU upgrade by double clicking on the setup.exe (i did not right click and run as administrator). Installation went fine without any error.

I rebooted the server and "Security Update For Exchange Server 2016 CU21 (KB5004779)" was installed via windows updates. I rebooted the server and turned off the maintenance mode. Emails started working.

I have following issues:
1. Get-ExchangeServer shows AdminDisaplyVersion =Version 15.1 (Build 2308.8). However it should show up as 2308.14.
2. I ran the latest HealthChecker.ps1 and it shows the following vulnerabilities. Why would the vulnerabilities still exist when CU21 and latest SU have been installed.
CVE-2021-1730 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-1730 for more information.
CVE-2020-16969 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16969 for more information.
CVE-2020-17083 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17083 for more information.
CVE-2020-17084 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17084 for more information.
CVE-2020-17085 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17085 for more information.
CVE-2020-17117 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17117 for more information.
CVE-2020-17132 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17132 for more information.
CVE-2020-17141 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17141 for more information.
CVE-2020-17142 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17142 for more information.
CVE-2020-17143 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17143 for more information.
CVE-2021-24085 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-24085 for more information.
CVE-2021-26412 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-26412 for more information.
CVE-2021-27078 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-27078 for more information.
CVE-2021-26854 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-26854 for more information.
CVE-2021-28480 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28480 for more information.
CVE-2021-28481 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28481 for more information.
CVE-2021-28482 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28482 for more information.
CVE-2021-28483 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28483 for more information.
CVE-2021-31195 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-31195 for more information.
CVE-2021-31198 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-31198 for more information.
CVE-2021-31207 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-31207 for more information.
CVE-2021-31209 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-31209 for more information.
CVE-2021-31206 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-31206 for more information.
CVE-2021-31196 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-31196 for more information.
CVE-2021-33768 See: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-33768 for more information.
CVE-2021-34470 PrepareSchema required: https://aka.ms/HC-July21SU


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @SKB-9296 ,

  1. Could you find the update patch from the control panel > installed updates? And what does the HealthCheck show about the version? If the SU is not installed, then you can download the SU patch and install it using the CMD(admin).

  2. Formerly I've seen a same issue and I think it was a sign that you server has been compromised by these vulnerabilities before. But as you have installed CU21, some of them should have been fixed and no longer exist. You can double check it using the Test-ProxyLogon.ps1.

As the new CU was coming up soon (tomorrow if not delay), you could wait for that and it will contain the former CU and SU contents. What's more, there is a new feature to mitigate the threatens:
https://docs.microsoft.com/en-us/exchange/exchange-emergency-mitigation-service?view=exchserver-2019
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155

Best regards,
Lou

0 Votes 0 ·
SKB-9296 avatar image
0 Votes"
SKB-9296 answered ZhengqiLou-MSFT commented

Appreciate your response,

  1. No, SU was not showing up under control Panel-->Installed Updates. It was showing up under windows update history as successful.I downloaded the SU and started the install via CMD(Admin). Installation went fine. I rebooted the server both, Get-ExchangeServer and HealthSchecker script are reporting the exchange version 2308.8. I am not sure why it is not showing 2308.14. Now, it is reporting only one vulnerability (CVE-2021-1730/ https://aka.ms/HC-DownloadDomains)

  2. Test-ProxyLogin ran clean. Are there any symptoms to check if system has been compromised?

  3. MSERT.exe found 2 suspicions files which have been clean up. Subsequent runs of full system scan did not find any infections.

  4. Windows-KB890830-x64-V5.93 also ran clean.

  5. Defender full scan also did not find any infections.


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @SKB-9296 ,

  1. Does the HealthChecker show the installed SU? Like the picture here: https://docs.microsoft.com/en-us/Exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019#option-1-recommended, it seems the version shown could be the CU version while not the SU's. And for this CVE, see the FAQ in the CVE url: "This vulnerability was found in the Exchange Server Installer. This type of vulnerability can only be addressed in a complete release as opposed to a cumulative update. We allowed time for customers to move to the September release prior to disclosing the vulnerability"

  2. You don't have to check other items as the script gives you a clean result and the HealthCheck only reported one "Exploitation Less Likely" vulnerability. Please follow the document to apply protection steps for this.

As the Defender and other protections show us a clean stat of your server, you could consider waiting for the Stptember CU and install see if this could fix CVE-2021-1703.

Best reagrds,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Hello @SKB-9296 ,

Do the above suggestions help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

If you are still stuck in this issue, please feel free to post your questions.

Cheers,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·