Exchange Server Cluster (DAG) Maintenance

If you are planning to install cumulative updates on your Exchange Servers, you must first put the server you will update into maintenance mode.
To perform maintenance on Exchange Servers, follow these steps:

  • First of all, if you are using a load-balancer, make sure that there is no mail traffic to the server you will maintain.
  • Pre-Check 1 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize
  • Pre-Check 2 – Get-MailboxServer ExchServerName | ft DatabaseCopy* -Autosize
  • Pre-Check 3 – Get-ClusterNode ExchServerName | fl
  • Pre-Check 4 – Get-Queue
  • Maintenance 1 – Set-ServerComponentState ExchServerName -Component HubTransport -State Draining -Requester Maintenance
  • Maintenance 2 – Restart-Service MSExchangeTransport
  • Maintenance 3 – Get-Queue
  • Maintenance 4 – CD $ExScripts
    .\StartDagServerMaintenance.ps1 -serverName ExchServerName -MoveComment Maintenance -PauseClusterNode
  • Maintenance 5 – Redirect-Message -Server ExchServerName -Target OtherServerName
  • Maintenance 6 – Suspend-ClusterNode ExchServerName
  • Maintenance 7 – Set-MailboxServer ExchServerName -DatabaseCopyActivationDisabledAndMoveNow $True
  • Maintenance 8 – Set-MailboxServer ExchServerName -DatabaseCopyAutoActivationPolicy Blocked
  • Maintenance 9 – Set-ServerComponentState ExchServerName -Component ServerWideOffline -State Inactive -Requester Maintenance
  • Control 1 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize
  • Control 2 – Get-MailboxServer ExchServerName | ft DatabaseCopy* -Autosize
    Get-ClusterNode ExchServerName | fl
    Get-Queue
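
The Control checks above can be collapsed into a single pass/fail gate before you start the installer. This is an added example, not part of the original procedure; the function name Test-ExchangeMaintenanceState is hypothetical, and it assumes the Exchange Management Shell on a DAG member with the FailoverClusters module available.

```powershell
# Added example: verifies the end state of Maintenance 1-9 for one server.
function Test-ExchangeMaintenanceState {
    param(
        [Parameter(Mandatory)] [string] $Server   # e.g. ExchServerName
    )

    $problems = @()

    # ServerWideOffline must be Inactive once Maintenance 9 has run.
    $swo = Get-ServerComponentState -Identity $Server -Component ServerWideOffline
    if ($swo.State -ne 'Inactive') { $problems += "ServerWideOffline is $($swo.State)" }

    # Activation must be blocked (Maintenance 7 and 8).
    $mbx = Get-MailboxServer -Identity $Server
    if ($mbx.DatabaseCopyAutoActivationPolicy -ne 'Blocked') {
        $problems += "DatabaseCopyAutoActivationPolicy is $($mbx.DatabaseCopyAutoActivationPolicy)"
    }
    if (-not $mbx.DatabaseCopyActivationDisabledAndMoveNow) {
        $problems += 'DatabaseCopyActivationDisabledAndMoveNow is not set'
    }

    # The cluster node must be paused (Maintenance 6).
    $node = Get-ClusterNode -Name $Server
    if ($node.State -ne 'Paused') { $problems += "Cluster node state is $($node.State)" }

    # No database copy may still be mounted on this server.
    $mounted = Get-MailboxDatabaseCopyStatus -Server $Server |
        Where-Object { $_.Status -eq 'Mounted' }
    foreach ($db in $mounted) { $problems += "Database still mounted here: $($db.Name)" }

    # Queues should be drained; Poison and Shadow Redundancy queues may legitimately hold mail.
    $queued = Get-Queue -Server $Server | Where-Object {
        $_.Identity -notlike '*\Poison' -and $_.Identity -notlike '*\Shadow\*' -and
        $_.MessageCount -gt 0 }
    foreach ($q in $queued) { $problems += "Queue $($q.Identity) holds $($q.MessageCount) message(s)" }

    [pscustomobject]@{
        Server        = $Server
        InMaintenance = ($problems.Count -eq 0)
        Problems      = $problems
    }
}

$result = Test-ExchangeMaintenanceState -Server 'ExchServerName'
$result | Format-List
if (-not $result.InMaintenance) { Write-Warning 'Server is not fully in maintenance mode.' }
```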

By the way, if you have customized any configuration files (Web.config, EdgeTransport.exe.config, etc.), it is recommended to back them up before starting the update process, because the update will return your changes to the default settings.

You can now update the server.

After completing the update process, we need to take the server out of maintenance mode.

  • After 1 – Set-ServerComponentState ExchServerName -Component ServerWideOffline -State Active -Requester Maintenance
  • After 2 – CD $ExScripts
    .\StopDagServerMaintenance.ps1 -serverName ExchServerName
  • After 3 – Set-ServerComponentState ExchServerName -Component HubTransport -State Active -Requester Maintenance
  • After 4 – Restart-Service MSExchangeTransport
  • After 5 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize

 

If you backed up customized configuration files, you can compare the updated files with your backups and reapply your changes. (Don’t forget to restart the server.)
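
One way to capture the customized files before the update and find what the update reset afterwards (added example, not from the original post). The function names and the backup path D:\ExchangeConfigBackup are hypothetical; it assumes PowerShell 4.0 or later and that the Web.config and EdgeTransport.exe.config files live under $env:ExchangeInstallPath.

```powershell
# Added example. Backup location and function names are hypothetical.
$ConfigNames = 'web.config', 'EdgeTransport.exe.config'

function Backup-ExchangeConfig {
    param([string] $BackupRoot = 'D:\ExchangeConfigBackup')

    $root = $env:ExchangeInstallPath.TrimEnd('\')
    $manifest = foreach ($file in Get-ChildItem -Path $root -Recurse -File -Include $ConfigNames) {
        # Recreate the relative folder structure under the backup root.
        $relative = $file.FullName.Substring($root.Length).TrimStart('\')
        $target   = Join-Path $BackupRoot $relative
        New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null
        Copy-Item -Path $file.FullName -Destination $target -Force
        [pscustomobject]@{
            RelativePath = $relative
            Sha256       = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        }
    }
    # The manifest records the pre-update hash of every file that was copied.
    $manifest | Export-Csv -Path (Join-Path $BackupRoot 'manifest.csv') -NoTypeInformation
    $manifest
}

function Compare-ExchangeConfig {
    param([string] $BackupRoot = 'D:\ExchangeConfigBackup')

    $root = $env:ExchangeInstallPath.TrimEnd('\')
    foreach ($entry in Import-Csv -Path (Join-Path $BackupRoot 'manifest.csv')) {
        $live = Join-Path $root $entry.RelativePath
        $status = if (-not (Test-Path $live)) { 'Missing' }
                  elseif ((Get-FileHash -Path $live -Algorithm SHA256).Hash -eq $entry.Sha256) { 'Unchanged' }
                  else { 'Changed' }
        [pscustomobject]@{ RelativePath = $entry.RelativePath; Status = $status }
    }
}

# Before the update:  Backup-ExchangeConfig
# After the update:   Compare-ExchangeConfig | Where-Object { $_.Status -ne 'Unchanged' }
```

Files reported as Changed are the ones to diff against the backup copy; merge your settings into the new file rather than overwriting it, since the update may have added entries of its own.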

Now you can add your server to the load-balancer again and include it in the mail traffic.

 

Have a nice day !

Fix for “MicrosoftExchangeServiceHost” Crash: March 2022 Security Update

On some Exchange systems, after installing the March 2022 Security Update, the “Microsoft Exchange Service Host” service may crash repeatedly and log related errors.

Event ID 4999 (Application Log)
Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-dumptidset, 15.01.2375.024.

Root cause: expired certificates, or certificates nearing expiration, on the Exchange Server.
Workaround: Replace any expired certificates and, if you are on Exchange Server 2016 or Exchange Server 2019, follow these steps:

  • Grant your admin account temporary full access to the arbitration mailbox
    Get-Mailbox -Arbitration "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | Add-MailboxPermission -User AdminAccount -AccessRights FullAccess
  • Run the Remove Expiry Notification script from the Exchange Management Shell (as the user with full access permission on the arbitration mailbox)
    .\Remove-CertExpiryNotifications.ps1 -Server ExchangeServer -Confirm:$false
  • Check that all the messages are deleted: run the script again, and it should report that there are no messages present in the folder
    .\Remove-CertExpiryNotifications.ps1 -Server ExchangeServer -WhatIf
  • Start the MSExchangeServiceHost service and confirm that it is not crashing
  • Revoke the full access permission
    Get-Mailbox -Arbitration "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" | Remove-MailboxPermission -User AdminAccount -AccessRights FullAccess
  • Renew any expiring certificates
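
To confirm that a server matches this pattern before starting the workaround, and to confirm afterwards that the crashes have stopped, the Event ID 4999 entries can be correlated with certificate expiry dates. This is an added example, not part of the original post; the function name, the 30-day window and the 24-hour lookback are assumptions.

```powershell
# Added example: run in the Exchange Management Shell on the affected server.
function Get-ServiceHostCrashEvidence {
    param(
        [string] $Server        = $env:COMPUTERNAME,
        [int]    $WarnDays      = 30,   # assumed threshold for "nearing expiration"
        [int]    $LookbackHours = 24    # assumed window for recent crashes
    )

    # Event ID 4999 entries that name ServiceHost and the blocked-deserialization exception.
    $filter = @{
        LogName   = 'Application'
        Id        = 4999
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }
    $crashes = @(Get-WinEvent -ComputerName $Server -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*M.Exchange.ServiceHost*' -and
                       $_.Message -like '*BlockedDeserializeTypeException*' })

    # Certificates that are already expired or fall inside the warning window.
    $cutoff = (Get-Date).AddDays($WarnDays)
    $certs = @(Get-ExchangeCertificate -Server $Server |
        Where-Object { $_.NotAfter -le $cutoff } |
        Select-Object Thumbprint, Subject, Services, NotAfter,
            @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } })

    [pscustomobject]@{
        Server         = $Server
        CrashEvents    = $crashes.Count
        LastCrash      = ($crashes | Select-Object -First 1).TimeCreated   # newest event first
        ExpiringCerts  = $certs
        MatchesPattern = ($crashes.Count -gt 0 -and $certs.Count -gt 0)
    }
}

$evidence = Get-ServiceHostCrashEvidence
$evidence | Format-List Server, CrashEvents, LastCrash, MatchesPattern
$evidence.ExpiringCerts | Format-Table -AutoSize
```

After the workaround, rerun it with a short -LookbackHours value: CrashEvents should stay at 0 once MSExchangeServiceHost has been started, and ExpiringCerts lists what still has to be renewed.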

Have a nice day !

March 2022 Exchange Server Security Updates

Microsoft Exchange Server security updates have been released for March 2022.

These updates are available for the following specific builds of the Exchange Server:

Exchange Server 2013 CU23
Exchange Server 2016 CU21 and CU22
Exchange Server 2019 CU10 and CU11

The recommendation is to install these updates immediately to protect your environment.
You can install the security patches if you are on one of the specified Cumulative Update (CU) versions.

If you aren’t on one of the specified cumulative updates, you must first install the cumulative updates.

Note: Don't double-click the MSP file to run it. Run it from a Command Prompt (not PowerShell) started as an Administrator.

Further Information and Guidance
Exchange Team Blog
Exchange Updates Step-by-Step Guide
Determine Which Updates are Needed
Security Update Guide

Have a nice day !