Forum Discussion
Exchange 2016 Security updates
Deleted https://www.microsoft.com/en-us/download/details.aspx?id=105091
MS recommends to restart your server before and after update. Restarting a server without putting in into maintenance mode is not the best idea.
So first start the maintenance mode which will switch over the database copies, the restart your server, turn off antivirus software, patch it, restart again, turn on antivirus, switch off maintenance mode and finally, when you‘re in a hurry, start redistribution of the DBs.
Deleted If it seems ridiculous to you, don’t do it. Your server, your decision.
- Still doesn't answer the question as to what happens in an unplanned reboot. They happen for a variety of reasons like power fails, a VM being accidently rebooted etc. There is no one there to put the server in maintenance mode. If you don't know, its OK because I haven't been able to find the answer either. Are we just to assume that everything will be OK. As I mentioned in my previous reply, my assumption is Active Manager will fail over the DB's, the Shadow Queue or Safety Net will take care of any messages, the Cluster Manager will maintain quorum as long as the witness server is available, and after the server comes back up, your only job is to re-distribute databases, or is it? Does anything else need to be done?
Deleted Starting the maintenance mode will prepare Exchange for a "smooth" restart. All database copies are switched, the message queues are drowned, the whole system ist set to consistent state. It won't accept any incoming connections since the DAG knows it's state. And the services are set to inactive for the next reboot. A switchover also checks for example if databases can be switched. On errors the switchover stops and an administrator has the chance to check this out. On an failover (that's what a simple reboot is) there are no checks.
So if you just restart your system might be in an inconsistant state and services like the HealthManager have to do some work to repair your system. This might take longer until bringing the system up, depending on your hardware's performance.
And at least if you just reboot your system all services will come back as soon as possible. Usually this ist not wanted if you patch Exchange.
For example if you have more than 500 OUs in your organization EAC won't display any OU. You have to manually edit the ECP web.config to show more than 500. This change has to be repeated at least for every CU and IIS has to be restarted. If you restart IIS on an operating Exchange server the clients will get outages or error messages. So I'm checking my configuration changes after any update. When checked an fixed I manually switch back the server into active mode.
If you still just restart your systems everything might go easy. I'm not quite sure if you have to switch back the databases manually or if they switch back themselves after a while.
I assume that you don't have a support contract with Microsoft. If you have, you should consider opening a service request to make sure that you get support for any problem that'll appear while or after skipping the maintenance mode procedure.
Best practice: https://learn.microsoft.com/en-us/exchange/plan-and-deploy/install-cumulative-updates?view=exchserver-2019 (This one describes CUs but SUs might patch some files needed by Exchange so I'd handle CU & SU equally):
Quote:
Best Practices
- [...]
- Reboot the server beforehand.
- [...]
- Reboot your server upon completion of the update.
- For exchange servers installed on database availability group, follow steps mentioned in https://learn.microsoft.com/en-us/exchange/high-availability/manage-ha/manage-dags?view=exchserver-2019#performing-maintenance-on-dag-members to put the DAG members in maintenance mode before installing the cumulative updates.
Good luck
Wolfgang