Released: June 2021 Quarterly Exchange Updates
Published Jun 29 2021 08:03 AM 119K Views

Today we are announcing the availability of quarterly Cumulative Updates (CUs) for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer reported issues, all previously released security updates, and a new security feature.

A full list of fixes is contained in the KB article for each CU, but we wanted to highlight the new security feature.

Exchange Server AMSI Integration

As mentioned in our recent blog post, the June 2021 CUs include new Exchange Server integration with AMSI (Antimalware Scan Interface). AMSI exists in Windows Server 2016 and Windows Server 2019, and the new integration is available in Exchange 2016 and Exchange 2019 when running on either of those operating systems. For Exchange 2016, AMSI integration is available only when running on Windows Server 2016. It is not available for Exchange 2016 running on Windows Server 2012 or Windows Server 2012 R2.

AMSI integration in Exchange Server provides the ability for an AMSI-capable antivirus/antimalware solution to scan content in HTTP requests sent to Exchange Server and block a malicious request before it is handled by Exchange Server. The scan is performed in real-time by any AMSI-capable antivirus/antimalware solution that runs on the Exchange server as the server begins to process the request. This provides automatic mitigation and protection that compliments the existing antimalware protection in Exchange Server to help make your Exchange servers more secure.

Because we know that some of our customers modify the web.config file on their Exchange Server, we wanted to let you know that installation of the June 2021 CUs will add a new section in the web.config of every HTTP service under <Modules>. The entry will be called "HttpRequestFilteringModule" and it must be present for AMSI integration to work.

Release Details

The KB articles that describe the fixes in each release and product downloads are as follows:

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment.

These updates contain schema and directory changes and so require you prepare Active Directory (AD) and all domains. You can find more information on that process here. Schema changes can be tracked here. For best practices for successful installation, please see this document.

If updating from an older version of the CU, please see Exchange Update Wizard for detailed steps to follow.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to Unrestricted on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use these resolution steps to adjust the settings.

If you plan to install the update with the unattended install option using either PowerShell or a command prompt, make sure you specify either the full path to the setup.exe file or use a “.” in front of the command if you are running it directly from the folder containing the update. If you do not, Exchange Setup may indicate that it completed successfully when it did not. Read more here.

Note: Customers in Exchange hybrid deployments and those using Exchange Online Archiving with an on-premises Exchange deployment are required to deploy a supported CU for the product version in use.

For the latest information on the Exchange Server and product announcements please see What's New in Exchange Server and Exchange Server Release Notes.

Note: Documentation may not be fully available at the time this post is published.

The Exchange Server team

81 Comments
Copper Contributor

It's not mentioned in this blog post, but it was previously announced that this would be the final CU for Exchange 2016, I believe. That is what we have in our planning, but I thought I'd ask to confirm if this is still the case.

Brass Contributor

@kevlyn, the answer is that it is the last CU, unless someone higher up at Microsoft says it's not. Then, it might or might not be, depending on the phase of the moon and what that manager had for lunch. Stay tuned.

Brass Contributor

I have an O365 Hybrid-Setup with Exchange 2016 CU18 and Exchange 2019 CU9 on premises in coexistence.

 

Today I tried to install either CU10 or CU21, but neither succeeded. Setup fails while accessing adminsdholder object in AD:

 

[06/30/2021 16:04:08.0020] [2] Used domain controller DC1.mydomain.local to read object CN=Delegated Setup,OU=Microsoft Exchange Security Groups,DC=mydomain,DC=local.
[06/30/2021 16:04:08.0035] [2] Used domain controller DC1.mydomain.local to read object DC=mydomain,DC=local.
[06/30/2021 16:04:08.0098] [2] Used domain controller DC1.mydomain.local to read object CN=AdminSDHolder,CN=System,DC=mydomain,DC=local.
[06/30/2021 16:04:08.0113] [2] [ERROR] Object reference not set to an instance of an object.
[06/30/2021 16:04:08.0113] [2] [WARNING] An unexpected error has occurred and a Watson dump is being generated: Object reference not set to an instance of an object.
[06/30/2021 16:04:08.0301] [1] The following 1 error(s) occurred during task execution:
[06/30/2021 16:04:08.0301] [1] 0. ErrorRecord: Object reference not set to an instance of an object.
[06/30/2021 16:04:08.0301] [1] 0. ErrorRecord: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
[06/30/2021 16:04:08.0301] [1] [ERROR] The following error was generated when "$error.Clear();
$createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
$createMsoSyncRoot = $RoleIsDatacenter;

#$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
[bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

if ($RolePrepareAllDomains)
{
initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
elseif ($RoleDomain -ne $null)
{
initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
else
{
initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
" was run: "System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()".
[06/30/2021 16:04:08.0301] [1] [ERROR] Object reference not set to an instance of an object.
[06/30/2021 16:04:08.0301] [1] [ERROR-REFERENCE] Id=DomainGlobalConfig___27a706ffe123425f9ee60cb02b930e81 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[06/30/2021 16:04:08.0301] [1] Setup is stopping now because of one or more critical errors.
[06/30/2021 16:04:08.0301] [1] Finished executing component tasks.

 

Domain- and Forest level was W2012R2, I raised it to W2016. Permissions for the admin user is also fine, I also tried with the built-in Admin. PrepareSchema succeeded already.

 

Any ideas?

Brass Contributor

/prepareschema worked fine

 

The problem is with /prepared and in the MSExchangeManagement Log I find these entries (event 6):

 

Cmdlet failed. Cmdlet Remove-ServiceEndpoint, parameters -DomainController "dc1.mydomain.local" -Identity "Windows Live Calendar".

Cmdlet failed. Cmdlet initialize-DomainPermissions, parameters -CreateTenantRoot "False" -CreateMsoSyncRoot "False" -IsManagementForest "False".

Cmdlet failed. Cmdlet Install-ExchangeOrganization, parameters -DomainController "dc1.mydomain.local" -OrganizationName "First Organization" -PrepareOrganization "True" -Industry "NotSpecified" -ActiveDirectorySplitPermissions $null -PrepareDomain "True".

 

 

This is also strange:

 

Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: The operation couldn't be performed because object 'Windows Live Calendar' couldn't be found on 'DC1.mydomain.local'.

 

BTW: Installation from Exchange 2016 CU18 to CU20 instead of 21 is successful

 

Copper Contributor

I got exactly the same failure with 2019 CU10.
Was CU10 tested before it was release?
Cmdlet failed. Cmdlet Remove-ServiceEndpoint, parameters -DomainController "xxxx" -Identity "Windows Live Calendar".
Cmdlet failed. Cmdlet initialize-DomainPermissions, parameters -CreateTenantRoot "False" -CreateMsoSyncRoot "False" -IsManagementForest "False".
Cmdlet failed. Cmdlet Install-ExchangeOrganization, parameters -DomainController "xxxx" -OrganizationName "x" -PrepareSchema "True" -PrepareOrganization "True" -Industry "NotSpecified" -ActiveDirectorySplitPermissions $null -PrepareDomain "True".

Brass Contributor

Same failure here, Exchange 2016 CU 20 -> CU 21.

Fix it pls

Copper Contributor

I did all the AD update work from a DC first the update exchange and it worked fine I did all from command line

Copper Contributor

Is there any way to monitor / verify Exchange <-> AMSI Integration?

I deployed 2019 CU10 without issues and made sure WDAV is running, I do notice an increased cpu load and antimalware scanning process is consuming resources constantly.

Couldn´t find any log or event enteries so far though.

 

Thanks

Microsoft

@justsomeadmin Fair question; we are working on a blog post related to this. Note that there will be nothing to see, unless we (Microsoft) ship signatures to Defender to actually block something. If you speak of 3rd party solution that is AMSI compatible, then those signatures would be shipped by the 3rd party (totally out of our hands). But I get it; right now it is a bit of a black box, so a few people are pulling together some guidance around it all.

Brass Contributor

my Exchange 2016 farm is now on CU20, but I still can not update to CU21 or CU10 for the Exchange 2019 servers (/PrepareAD fails).

 

I tried it also from a DC - same error, the procedure fails after walking through AdminSDHolder in AD

 

Until now I never had problems with any CU. Exchange Hybrid went live in 2021/03.

Microsoft

@MI5-Agent @Hnny0 @GrahamJB : At this time, we are not aware of systemic problems related to this; yes, those CUs have been tested as all other CUs (I know it was more of a hypothetical question). We suspect some non-standard AD permissions change is causing this but so far, we have not figured what it is.

Could one of you open a support ticket with on-prem support? If you do, please PM me the ticket number.

I'll post here if we figure out anything else on our end, but so far - we do not have have a repro of this problem.

Copper Contributor

@MI5-Agent  was the DC you tied it from the Schema master I do all my AD updates from the Schema master with on issues

Brass Contributor

very strange. The AD was setup in 2010 with W2008R2 - nothing special. Additionally, I am running Skype for Business on prem as well.

 

What I tried else:

- from DC with and without schemamaster role

- i gave temporarily full access on AD for admin and Exchange-Servers

- disabled Windows FW-Rules

- /preparedomain instead of /preparead

 

 

Copper Contributor

The installer cannot run on our schema master as it appears to need to have the prerequisites for exchange installed on the schema master (setup requires .Net Framework 4.8), even when running with only:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
Why would that be a prereq for the schema upgrade?

Why would anybody assume that dotnet must be installed at all on an AD schema master if you have an option not to??
Is there a way to disable the pre-req check when just updating AD?

 

[This is an on-prem only setup upgraded over the years from SBS 2003]

Brass Contributor

I gave again full access for a group containing EX-Servers, Org-Admin, Adminuser etc. to my AD, I also removed orphaned delegates. I also blocked some GPOs to the DCs, thus only the default GPOs are active - no success.

 

I don't believe that this is a problem with rights to the directoy, i presume it has something to do with the Exchange hybrid setup. I could install CU21 in another onprem Exchange organisation without issues.

 

Maybe I will open a ticket with MS later on when there is some time for it, running with CU20/CU9 is fine for the next time.

Copper Contributor

I ran the following on the exchange server and they succeeded on the exchange 2019 server.

Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:x

The following alternatives both fail:

Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareDomain:x.local

with the null reference error above

Copper Contributor

BTW .. has anybody tried following steps in:

>If updating from an older version of the CU, please see Exchange Update Wizard for detailed steps to follow.
CU10 is not even listed !

UPDATE: Hi team, thanks for updating the page

Brass Contributor

 

I tried:

Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"First Organisation"

 

Result:

Exchange organization name cannot be specified. There already exists an Exchange organization with name 'First
Organization'.

 

Brass Contributor

Share experience

  1. Done upgraded 15 servers (Total 30) Exchange 2016 CU20 to 21 on Hybrid coexistence mode.  
    • so far no issue
    • Prepare schema required
    • then run AADC - refresh directory schema (optional)
    • DAG MA mode
      DAG MA Mode
      Set-ServerComponentState TargetServer -Component HubTransport -State Draining -Requester Maintenance
      Restart-Service MSExchangeTransport
      Set-ServerComponentState TargetServer -Component UMCallRouter -State Draining -Requester Maintenance
      CD $ExScripts
      .\StartDagServerMaintenance.ps1 -ServerName TargetServer -MoveComment Maintenance -PauseClusterNode
      Set-MailboxServer -Identity Server -DatabaseCopyAutoActivationPolicy Blocked
      Redirect-Message -Server TargetServer -Target Server2.domain.local
      Set-ServerComponentState TargetServer -Component ServerWideOffline -State Inactive -Requester Maintenance
      
      Get-ScheduledTask -TaskPath \ | Stop-ScheduledTask
      Get-ScheduledTask -TaskPath \ | disable-ScheduledTask
      Get-ScheduledTask -TaskPath \
      
      Get-ServerComponentState TargetServer | Format-Table Component,State -Autosize
      Get-MailboxServer TargetServer | Format-List DatabaseCopyAutoActivationPolicy
      Get-ClusterNode TargetServer | Format-List
      Get-Queue
      
      Get-MpComputerStatus | ft RealTimeProtectionEnabled
      Set-MpPreference -DisableRealtimeMonitoring $True
      Get-MpComputerStatus | ft RealTimeProtectionEnabled
      
      
      Setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Upgrade
      
      ====================================
      Bring Service Back Online
      Set-ServerComponentState TargetServer -Component ServerWideOffline -State Active -Requester Maintenance
      Set-ServerComponentState TargetServer -Component UMCallRouter -State Active -Requester Maintenance
      CD $ExScripts
      .\StopDagServerMaintenance.ps1 -serverName TargetServer
      Set-ServerComponentState TargetServer -Component HubTransport -State Active -Requester Maintenance
      Restart-Service MSExchangeTransport
      Get-ServerComponentState TargetServer | Format-Table Component,State -Autosize
      
      Get-ServerComponentState TargetServer | Format-Table Component,State -Autosize
      Get-MailboxServer TargetServer | Format-List DatabaseCopyAutoActivationPolicy
      Get-ClusterNode TargetServer | Format-List
      Get-Queue
      
      Get-ScheduledTask -TaskPath \ | enable-ScheduledTask
      Get-ScheduledTask -TaskPath \
      Set-MpPreference -DisableRealtimeMonitoring $false
      Get-MpComputerStatus | ft RealTimeProtectionEnabled
      .\HealthChecker_21.06.29.1121.ps1
  2. AMSI testing work - follow below steps 
    https://docs.microsoft.com/en-us/windows/win32/amsi/how-amsi-helps

    AMSI_result.png
Copper Contributor

Have applied the CU21 to a system (2016) that had CU19. Having issues with client connectivity now. Is there any way of disabling AMSI for troubleshooting to ensure this isn't the cause of the issues?

Copper Contributor

Hello,

 

currently I fail already in the preparation for the actual setup:
Schema was successfully updated from CU19 to CU21
Setup.EXE /PrepareAD /IAcceptExchangeServerLicenseTerms keeps aborting:

GUI Step 1 from 18:
Der folgende Fehler wurde generiert, als „$error.Clear();
$createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
$createMsoSyncRoot = $RoleIsDatacenter;

#$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
[bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

if ($RolePrepareAllDomains)
{
initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
elseif ($RoleDomain -ne $null)
{
initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
else
{
initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
“ ausgeführt wurde: „System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
bei Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
bei Microsoft.Exchange.Configuration.Tasks.Task.b__91_1()
bei Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
bei Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
bei Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
bei System.Management.Automation.CommandProcessor.ProcessRecord()“.

 

Since I had not installed the CU20 so far, I have of course tried to make the preparations for the CU20, this works fine.
Currently I do not know where to start. Permissions are almost impossible (upgrade from CU19 to CU20 has just worked).

Does anyone have any ideas?

Thanks & greetings

Mario

Copper Contributor

Same /PrepareAD error as MSch and MI5-agent in hybrid configuration with on-prem 2016cu20 on srv2016. 

 

 

Brass Contributor

We have found that after installing CU10 on Exchange 2019 it is no longer possible to edit Custom Attributes from the Exchange Admin Center. It looks to work without error, but then no change has been saved. The command logger shows the set-mailbox command is not actually run. Set-mailbox run directly from PowerShell works normally and does edit Custom Attributes.

Copper Contributor

The same for 2016 it is no longer possible to edit Custom Attributes from the Exchange Admin Center. But it gets picked up if you do it though AD 

Copper Contributor

Just a general question:

 

I've upgraded an Exchange 2016 CU 19 server to CU 21. Everything went well.

 

I see the following service: Tracing Service for Search in Exchange

Startup type: Disabled

Description: This service provides trace logs for search components in Exchange.

 

This service is not mentioned here: Overview of Exchange services on Exchange servers | Microsoft Docs

 

Does anyone know the purpose of this service?

 

Microsoft

Just a reminder for all who use unattended setup.

 

If you plan to install the update with the unattended install option using either PowerShell or a command prompt, make sure you specify either the full path to the setup.exe file or use a “.” in front of the command if you are running it directly from the folder containing the update. If you do not, Exchange Setup may indicate that it completed successfully when it did not.

 

Exchange Server 2019 setup does not run as expected if started from PowerShell using Setup.exe - Exc...

 

We see it quite often that the unattended setup was called incorrectly and so PrepareAd or PrepareSchema doesn't run as expected.

Copper Contributor

Hi all,

my lab environmente: 4 Exchange 2016 CU19.

Same problem with /PrepareAD as MSch and MI5-agent

 

I just opened a ticket to Microsoft Support.

 

Giorgio

Brass Contributor

/PrepareAD still fails. I installed the latest CU on all DCs, moved FSMO roles forth and back, tried Exchange setup from Exchange and DCs.

 

Nothing helped. /PrepareAD still fails after 97~98%, see my notes above.

 

I have to say, that my organisation is in german as well (all Exchange servers and DCs), though I tried /preparad also from an EN member server.

 

"“ ausgeführt wurde: „System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)"

 

Maybe this specific problem is language related?

Brass Contributor

@Giorgio: which language does your organisation use?

Microsoft

@MI5-Agent you can use the SetupAssist.ps1 script to check a few well-known things. Have you tried this?

SetupAssist.ps1 - Exchange Server Support Scripts (microsoft.github.io)

Copper Contributor

@MI5-Agent

English language

Copper Contributor

@Lukas Sassl 

[PS] C:\Scripts>.\SetupAssist.ps1
User is an administrator.
WARNUNG: User is not a member of Domain Admins.
WARNUNG: User is not a member of Schema Admins. - Only required if doing a Schema Update
WARNUNG: User is not a member of Enterprise Admins. - Only required if doing a Schema Update or PrepareAD or PrepareDomain
WARNUNG: User is not a member of Organization Management.
WARNUNG: ExecutionPolicy is RemoteSigned
No installer packages missing.
Download Visual C++ 2012 Redistributable Package and install: https://www.microsoft.com/en-us/download/details.aspx?id=30679
No other PowerShell instances were detected.
No reboot pending.
All Critical Mailboxes have valid HomeMDB values
WARNUNG: Exchange 2019 AD Level Failed. Mismatch detected.
WARNUNG: DN Value: 'CN=Stadt intern,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=intern,DC=de' - Version: 16220
WARNUNG: DN Value: 'CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=intern,DC=de' - Version: 17003
WARNUNG: DN Value: 'CN=Microsoft Exchange System Objects,DC=intern,DC=de' - Version: 13240
WARNUNG: More Info: https://docs.microsoft.com/en-us/Exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019
System.Management.Automation.RuntimeException: Es ist nicht möglich, einen Index auf ein NULL-Array anzuwenden.
   bei System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   bei System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
   bei System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   bei System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
bei Write-PrepareADInfo, C:\Scripts\SetupAssist.ps1: Zeile 236
bei Write-Mismatch, C:\Scripts\SetupAssist.ps1: Zeile 334
bei Test-ExchangeAdSetupObjects, C:\Scripts\SetupAssist.ps1: Zeile 452
bei MainUse, C:\Scripts\SetupAssist.ps1: Zeile 1761
bei Main, C:\Scripts\SetupAssist.ps1: Zeile 1814
bei <ScriptBlock>, C:\Scripts\SetupAssist.ps1: Zeile 1828
bei <ScriptBlock>, <Keine Datei>: Zeile 1
WARNUNG: Ran into an issue with the script. If possible please email 'ExToolsFeedback@microsoft.com' of the issue that you are facing

The script does not work properly.
User is member of domain admin (intern\administrator).
User is member of Schema Admin.
User is a member of the Enterprise Admin.
User is a member of Organization Management.
Visual C++ 2012 Redistributable Package is installed and up-to-date.

 

Copper Contributor

Unfortunately the update doesn't work for us either. We want to update from CU20 to CU21

[07.07.2021 11:07:38.0002] [2] Die Active Directory-Sitzungseinstellungen für 'install-Container' lauten: Vollständige Gesamtstruktur anzeigen: 'True', Konfigurationsdomänencontroller: 'AD01.domain.de', Bevorzugter globaler Katalog: 'AD01.domain.de', Bevorzugte Domänencontroller: '{ AD01.domain.de }'
[07.07.2021 11:07:38.0002] [2] User specified parameters:  -Name:'UM AutoAttendant Container' -DomainController:'AD01.domain.de'
[07.07.2021 11:07:38.0002] [2] Beginning processing install-Container
[07.07.2021 11:07:38.0002] [2] Processing object "UM AutoAttendant Container".
[07.07.2021 11:07:38.0003] [2] Ending processing install-Container
[07.07.2021 11:07:38.0005] [1] Processing component 'CAFE Global AD Configuration' (Globale Clientzugriffseinstellungen werden konfiguriert.).
[07.07.2021 11:07:38.0005] [1] Processing component 'Domain-specific AD Configuration' (Domänen für Exchange werden konfiguriert.).
[07.07.2021 11:07:38.0006] [1] Executing: 
          $createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
          $createMsoSyncRoot = $RoleIsDatacenter;

          #$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
          [bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

          if ($RolePrepareAllDomains)
          {
              initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
          }
          elseif ($RoleDomain -ne $null)
          {
              initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
          }
          else
          {
              initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
          }
        
[07.07.2021 11:07:38.0009] [2] Die Active Directory-Sitzungseinstellungen für 'initialize-DomainPermissions' lauten: Vollständige Gesamtstruktur anzeigen: 'True', Konfigurationsdomänencontroller: 'AD01.domain.de', Bevorzugter globaler Katalog: 'AD01.domain.de', Bevorzugte Domänencontroller: '{ AD01.domain.de }'
[07.07.2021 11:07:38.0010] [2] User specified parameters:  -CreateTenantRoot:'False' -CreateMsoSyncRoot:'False' -IsManagementForest:'False'
[07.07.2021 11:07:38.0010] [2] Beginning processing initialize-DomainPermissions
[07.07.2021 11:07:38.0012] [2] Used domain controller AD01.domain.de to read object DC=domain,DC=de.
[07.07.2021 11:07:38.0015] [2] Used domain controller AD01.domain.de to read object CN=Exchange Servers,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0015] [2] Used domain controller AD01.domain.de to read object CN=Exchange Servers,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0017] [2] Used domain controller AD01.domain.de to read object CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0017] [2] Used domain controller AD01.domain.de to read object CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0019] [2] Used domain controller AD01.domain.de to read object CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0019] [2] Used domain controller AD01.domain.de to read object CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0021] [2] Used domain controller AD01.domain.de to read object CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0021] [2] Used domain controller AD01.domain.de to read object CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0022] [2] Used domain controller AD01.domain.de to read object CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0022] [2] Used domain controller AD01.domain.de to read object CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0025] [2] Used domain controller AD01.domain.de to read object CN=Domänen-Benutzer,CN=Users,DC=domain,DC=de.
[07.07.2021 11:07:38.0027] [2] Used domain controller AD01.domain.de to read object CN=Delegated Setup,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0027] [2] Used domain controller AD01.domain.de to read object CN=Delegated Setup,OU=Microsoft Exchange Security Groups,DC=domain,DC=de.
[07.07.2021 11:07:38.0035] [2] Used domain controller AD01.domain.de to read object DC=domain,DC=de.
[07.07.2021 11:07:38.0082] [2] Used domain controller AD01.domain.de to read object CN=AdminSDHolder,CN=System,DC=domain,DC=de.
[07.07.2021 11:07:38.0091] [2] [ERROR] Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
[07.07.2021 11:07:38.0092] [2] [WARNING] An unexpected error has occurred and a Watson dump is being generated: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
[07.07.2021 11:07:39.0174] [1] The following 1 error(s) occurred during task execution:
[07.07.2021 11:07:39.0174] [1] 0.  ErrorRecord: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
[07.07.2021 11:07:39.0174] [1] 0.  ErrorRecord: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
   bei Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
   bei Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
   bei Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
   bei Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
   bei Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
   bei System.Management.Automation.CommandProcessor.ProcessRecord()
[07.07.2021 11:07:39.0176] [1] [ERROR] The following error was generated when "$error.Clear(); 
          $createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
          $createMsoSyncRoot = $RoleIsDatacenter;

          #$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
          [bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

          if ($RolePrepareAllDomains)
          {
              initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
          }
          elseif ($RoleDomain -ne $null)
          {
              initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
          }
          else
          {
              initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
          }
        " was run: "System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
   bei Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
   bei Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
   bei Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
   bei Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
   bei Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
   bei System.Management.Automation.CommandProcessor.ProcessRecord()".
[07.07.2021 11:07:39.0177] [1] [ERROR] Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
[07.07.2021 11:07:39.0177] [1] [ERROR-REFERENCE] Id=DomainGlobalConfig___27a706ffe123425f9ee60cb02b930e81 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[07.07.2021 11:07:39.0177] [1] Setup is stopping now because of one or more critical errors.
[07.07.2021 11:07:39.0177] [1] Finished executing component tasks.
[07.07.2021 11:07:39.0187] [1] Ending processing Install-ExchangeOrganization
[07.07.2021 11:09:20.0967] [0] CurrentResult setupbase.maincore:396: 0
[07.07.2021 11:09:20.0968] [0] End of Setup
[07.07.2021 11:09:20.0968] [0] **********************************************

 

 

 

Copper Contributor

I have the identical issue installing CU10 on an up to date CU9 Exchange 2019 servers.  This is also in a hybrid environment.  I have tried all obvious fixes and NONE work.  Come on Microsoft... give us a fix please.

Brass Contributor

A little heads up - we have currently a ticket opened with MS as we see MSSyncAppPool crashing around every hour with 5011 WAS error, right after installing CU21 over Exchange 2016 CU20. Still working on the root cause and solution with MS.

Copper Contributor

Can across the exact same issue last night, and this thread seems to be the only place where people discuss this error. My org is also English, so probably we can rule out the language part.

 

@GioVin: How is your support ticket holding? Did you got any useful tips?

Copper Contributor

I had the same /prepareAD error.  I was able to fix it by opening ADSI edit on my DC & migrating to CN=Configuration,DC=<DOMAIN>,DC=<COM>,CN=Services,CN=Microsoft Exchange,CN=<ORGANIZATIONAME>,CN=Hybrid Configuration & changing the security profile on the CN=Hybrid Configuration.  Went to properties & gave network service, exchange & all other keys FULL access.  I then ran /prepareAD and it completed successfully. 

Copper Contributor

@PacsoT 

No news about the case ......still under investigation

Copper Contributor

Result of SetupAssist.ps1 for info.
These are the only warnings/errors (except ExecutionPolicy is RemoteSigned)
WARNING: Exchange 2019 AD Level Failed. Mismatch detected.
WARNING: DN Value: 'CN=xx,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=xx,DC=local' - Version: 16756
WARNING: DN Value: 'CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=xx,DC=local' - Version: 17003
WARNING: DN Value: 'CN=Microsoft Exchange System Objects,DC=xx,DC=local' - Version: 13239
I hope this helps somebody have some insight !

Brass Contributor

Upgraded 2019 from CU8 over the weekend. schema updates had none of the issues mentioned in this thread. Followed the below.

 

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms 


setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

Copper Contributor

Hello @m49808 @The_Exchange_Team,

 

it is known that installing CU21/CU10 works in most environments. But here in the thread it is apparent that many upgrades do not work in German environments.

 

I don't understand that @The_Exchange_Team until today is not able to investigate / determine the difference of the setup routines CU20 to CU21 and CU9 to CU10 respectively.

 

A small personal note, maybe I don't speak for the general public. But:
As a paying Microsoft Enterprise Agreement customer, I am very disappointed with the response time from Microsoft. A Public Sector Goverment colleague has not yet received a solution with his case at Microsoft.

Copper Contributor

I have also had enormous problems with Outlook client connectivity since installing Exchange 2016 CU21 last week.  I have a ticket open with Microsoft, but no resolution yet.

The problem is definitely related to AMSI.  Disabling AMSI by remarking out the configuration in web.config did not help.

We use Sophos, but this may apply to other AV providers.  Sophos advised disabling AMSI on the server agent for testing purposes.  I did this directly on the server agent with a support engineer.  No help.

Today I created and applied a profile from Sophos Central disabling AMSI on the server.  As soon as the profile applied Outlook connection speeds returned to normal.

I do not know if this is a Microsoft issue or a Sophos issue.  I believe it may be a Microsoft issue, as I've read that other admins using other AV products have had similar problems.  Regardless, I do hope it's resolved soon as this is a potentially important security issue.

Also, I noted today that a new security update for CU21 was released (Released: July 2021 Exchange Server Security Updates - Microsoft Tech Community).  No word in the article if this AMSI issue is addressed by this update, and the KB link in the article is not correct.

Copper Contributor

We are also having the issue many here are describing.

 

...read object CN=AdminSDHolder,CN=System....
...System.NullReferenceException: Object reference not set to an instance of an object....

 

Our install is English, so I do not believe it is language specific.

We are running Exchange 2016 Update 20.

Our Domain Functional Level is Windows Server 2012 R2.

We are setup in a hybrid environment.

The last SU installed was from May 2021.

 

I have tried every known trick in the book at this time.

I am personally guessing that there is a mistake in the Check Permissions PowerShell script but I have not gone through any of the scripts yet. I am half tempted to turn on for a few minutes the Transaction Log recording so I can see just what and where this thing is going wrong.

 

I will be asking the organization to open a ticket tomorrow but I am unsure if they will go for it.

 

Definitely looking for Microsoft to come out with a fix. I did not want to apply any other SU until we applied the latest CU.

 

Copper Contributor

We have Exchange 2016 CU20 servers and have installed July 2021 security updates but did not yet run /PrepareSchema using June 2021 CUs first.

 

Question: can we update the schema only but otherwise not install CU21? Is this supported?

Copper Contributor

@wazcal AD schema can be higher than the exchange version you are running this won't course any problems

  

Copper Contributor

Good day.

 

We have the same problem, a fault occurs at 98% of installation , the command

.\Setup.EXE /IAcceptExchangeServerLicenseTerms /PrepareAD

(Exchange 2019 CU10, the schema is successfully prepared).

In test environments, Exchange 2019 - hybrid, Exchange 2016 on-premises only, all things work smoothly and I hoped that it will work in the production. But...

 

[07/16/2021 08:15:39.0592] [2] Active Directory session settings for 'initialize-DomainPermissions' are: View Entire Forest: 'True', Configuration Domain Controller: <schema.domain>, Preferred Global Catalog: <schema.domain>, Preferred Domain Controllers: '{ <schema.domain> }'
[07/16/2021 08:15:39.0592] [2] User specified parameters:  -CreateTenantRoot:'False' -CreateMsoSyncRoot:'False' -IsManagementForest:'False'
[07/16/2021 08:15:39.0592] [2] Beginning processing initialize-DomainPermissions
[07/16/2021 08:15:39.0596] [2] Used domain controller <schema.domain> to read object DC=<domain>.
[07/16/2021 08:15:39.0601] [2] Used domain controller <schema.domain> to read object CN=Exchange Servers,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0601] [2] Used domain controller <schema.domain> to read object CN=Exchange Servers,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0605] [2] Used domain controller <schema.domain> to read object CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0605] [2] Used domain controller <schema.domain> to read object CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0608] [2] Used domain controller <schema.domain> to read object CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0608] [2] Used domain controller <schema.domain> to read object CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0612] [2] Used domain controller <schema.domain> to read object CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0612] [2] Used domain controller <schema.domain> to read object CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0615] [2] Used domain controller <schema.domain> to read object CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0615] [2] Used domain controller <schema.domain> to read object CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0619] [2] Used domain controller <schema.domain> to read object CN=Domain Users,CN=Users,DC=<domain>.
[07/16/2021 08:15:39.0622] [2] Used domain controller <schema.domain> to read object CN=Delegated Setup,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0622] [2] Used domain controller <schema.domain> to read object CN=Delegated Setup,OU=Microsoft Exchange Security Groups,DC=<domain>.
[07/16/2021 08:15:39.0635] [2] Used domain controller <schema.domain> to read object DC=<domain>.
[07/16/2021 08:15:39.0711] [2] Used domain controller <schema.domain> to read object CN=AdminSDHolder,CN=System,DC=<domain>.
[07/16/2021 08:15:39.0726] [2] Used domain controller <schema.domain> to read object CN=Computers,DC=<domain>.
[07/16/2021 08:15:39.0748] [2] Used domain controller <schema.domain> to read object CN=dc1,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:39.0771] [2] Used domain controller <schema.domain> to read object CN=dc2,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:39.0870] [2] Used domain controller <schema.domain> to read object CN=dc3,CN=Servers,CN=site3,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:39.0906] [2] Used domain controller <schema.domain> to read object CN=dc4,CN=Servers,CN=site4,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:39.0934] [2] Used domain controller <schema.domain> to read object CN=dc5,CN=Servers,CN=site5,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:39.0955] [2] Used domain controller <schema.domain> to read object CN=dc6,CN=Servers,CN=site6,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:39.0982] [2] Used domain controller <schema.domain> to read object CN=dc7,CN=Servers,CN=site6,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:40.0008] [2] Used domain controller <schema.domain> to read object CN=dc8,CN=Servers,CN=site7,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:40.0086] [2] Used domain controller <schema.domain> to read object CN=rodc,CN=Servers,CN=site8,CN=Sites,CN=Configuration,DC=<domain>.
[07/16/2021 08:15:41.0332] [2] [ERROR] Object reference not set to an instance of an object.
[07/16/2021 08:15:41.0332] [2] [WARNING] An unexpected error has occurred and a Watson dump is being generated: Object reference not set to an instance of an object.
[07/16/2021 08:15:41.0626] [1] The following 1 error(s) occurred during task execution:
[07/16/2021 08:15:41.0626] [1] 0.  ErrorRecord: Object reference not set to an instance of an object.
[07/16/2021 08:15:41.0626] [1] 0.  ErrorRecord: System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
   at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
   at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
   at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
....
At the first time I thought that the problem was in the read-only domain controller with Global Catalog and removed the Global Catalog from the DC, but it doesn't help.
 
Please,  who can help.
Do we need to open a case on the Microsoft support?
 
Thanks!
Copper Contributor

Hi All,

We seem to be having the same issue described above. Has anyone had any luck?

Current Server is Exchange 2016 CU20 running on Server 2016

 

Error:
The following error was generated when "$error.Clear();
$createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
$createMsoSyncRoot = $RoleIsDatacenter;

#$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
[bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

if ($RolePrepareAllDomains)
{
initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
elseif ($RoleDomain -ne $null)
{
initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
else
{
initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
" was run: "System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()".

Brass Contributor

We are having the CU Update issue as well.  Not sure I saw anyone with a fix above.  Exchange 2019 CU 9 to 10.  English language.

 

[07/16/2021 15:12:57.0046] [2] Used domain controller DC.domain.local to read object CN=AdminSDHolder,CN=System,DC=domain,DC=local.
[07/16/2021 15:12:57.0056] [2] [ERROR] Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0056] [2] [WARNING] An unexpected error has occurred and a Watson dump is being generated: Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0273] [1] The following 1 error(s) occurred during task execution:
[07/16/2021 15:12:57.0274] [1] 0. ErrorRecord: Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0274] [1] 0. ErrorRecord: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
[07/16/2021 15:12:57.0275] [1] [ERROR] The following error was generated when "$error.Clear();
$createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
$createMsoSyncRoot = $RoleIsDatacenter;

#$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
[bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

if ($RolePrepareAllDomains)
{
initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
elseif ($RoleDomain -ne $null)
{
initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
else
{
initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
" was run: "System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()".
[07/16/2021 15:12:57.0275] [1] [ERROR] Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0278] [1] [ERROR-REFERENCE] Id=DomainGlobalConfig___27a706ffe123425f9ee60cb02b930e81 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[07/16/2021 15:12:57.0278] [1] Setup is stopping now because of one or more critical errors.
[07/16/2021 15:12:57.0278] [1] Finished executing component tasks.
[07/16/2021 15:12:57.0288] [1] Ending processing Install-ExchangeOrganization
[07/16/2021 15:12:57.0290] [0] CurrentResult console.ProcessRunInternal:198: 1
[07/16/2021 15:12:57.0291] [0] CurrentResult launcherbase.maincore:90: 1
[07/16/2021 15:12:57.0291] [0] CurrentResult console.startmain:52: 1
[07/16/2021 15:12:57.0292] [0] CurrentResult SetupLauncherHelper.loadassembly:452: 1
[07/16/2021 15:12:57.0292] [0] The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
[07/16/2021 15:12:57.0292] [0] CurrentResult main.run:235: 1
[07/16/2021 15:12:57.0292] [0] CurrentResult setupbase.maincore:396: 1
[07/16/2021 15:12:57.0293] [0] End of Setup
[07/16/2021 15:12:57.0293] [0] **********************************************

Brass Contributor

We are having the PrepareAD issues as well when trying to go from CU9 to 10 on Exchange 2019 in a hybrid environment and English language.

 

[07/16/2021 15:12:57.0046] [2] Used domain controller DC.domain.local to read object CN=AdminSDHolder,CN=System,DC=domain,DC=local.
[07/16/2021 15:12:57.0056] [2] [ERROR] Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0056] [2] [WARNING] An unexpected error has occurred and a Watson dump is being generated: Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0273] [1] The following 1 error(s) occurred during task execution:
[07/16/2021 15:12:57.0274] [1] 0. ErrorRecord: Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0274] [1] 0. ErrorRecord: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
[07/16/2021 15:12:57.0275] [1] [ERROR] The following error was generated when "$error.Clear();
$createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
$createMsoSyncRoot = $RoleIsDatacenter;

#$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
[bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

if ($RolePrepareAllDomains)
{
initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
elseif ($RoleDomain -ne $null)
{
initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
else
{
initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
" was run: "System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()".
[07/16/2021 15:12:57.0275] [1] [ERROR] Object reference not set to an instance of an object.
[07/16/2021 15:12:57.0278] [1] [ERROR-REFERENCE] Id=DomainGlobalConfig___27a706ffe123425f9ee60cb02b930e81 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[07/16/2021 15:12:57.0278] [1] Setup is stopping now because of one or more critical errors.
[07/16/2021 15:12:57.0278] [1] Finished executing component tasks.
[07/16/2021 15:12:57.0288] [1] Ending processing Install-ExchangeOrganization
[07/16/2021 15:12:57.0290] [0] CurrentResult console.ProcessRunInternal:198: 1
[07/16/2021 15:12:57.0291] [0] CurrentResult launcherbase.maincore:90: 1
[07/16/2021 15:12:57.0291] [0] CurrentResult console.startmain:52: 1
[07/16/2021 15:12:57.0292] [0] CurrentResult SetupLauncherHelper.loadassembly:452: 1
[07/16/2021 15:12:57.0292] [0] The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
[07/16/2021 15:12:57.0292] [0] CurrentResult main.run:235: 1
[07/16/2021 15:12:57.0292] [0] CurrentResult setupbase.maincore:396: 1
[07/16/2021 15:12:57.0293] [0] End of Setup
[07/16/2021 15:12:57.0293] [0] **********************************************

Brass Contributor

@The_Exchange_Team Hi Team, I am having a Exchange 2019 CU9 Hybrid server. I was able to update the AD schema successfully. But when I try to install the CU10 keep getting the below error.

Please suggest what to do...?

 

Error:
The following error was generated when "$error.Clear();
$createTenantRoot = ($RoleIsDatacenter -or $RoleIsPartnerHosted);
$createMsoSyncRoot = $RoleIsDatacenter;

#$RoleDatacenterIsManagementForest is set only in Datacenter deployment; interpret its absense as $false
[bool]$isManagementForest = ($RoleDatacenterIsManagementForest -eq $true);

if ($RolePrepareAllDomains)
{
initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
elseif ($RoleDomain -ne $null)
{
initialize-DomainPermissions -Domain $RoleDomain -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
else
{
initialize-DomainPermissions -CreateTenantRoot:$createTenantRoot -CreateMsoSyncRoot:$createMsoSyncRoot -IsManagementForest:$isManagementForest;
}
" was run: "System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.SetupTaskBase.LogReadObject(ADRawEntry obj)
at Microsoft.Exchange.Management.Tasks.InitializeDomainPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()".

 

 

Co-Authors
Version history
Last update:
‎Jun 29 2021 07:50 AM
Updated by: