CU update install failing with error 1603

Mikayel Mikayelyan 61 Reputation points
2021-03-10T10:58:00.777+00:00

Hello all, I am not sure if posting question in right place, but hope someone can help me with this as I didn't found any answer on web.
I am trying to update Exchange 2013 CU9 to CU 23. All prerequisites' are done and fine with that. But When I try to install I am getting this error in the step when coping files are started at 24% it gives this error:
Installing product E:\Exchange 2013-CU23\exchange server.msi failed. Fatal error during installation. Error code is 1603. Last error reported by the MSI package is 'The installer has insufficient privileges to access this directory: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\15.0.1497. The installation cannot continue. Log on as administrator or contact your system administrator.'

I am using Admin account with all the required access rights. Also I have checked that path shown above and find out there is no 15.0.1497 folder inside auth folder. There is folder 15.0.1104. Also after this all services are disabled and can't run even the CU9 that was working normal. So we are restoring vm from last backup.
Please if you can help me how to update 2013 CU9 to latest version we are planning to migrate to 2016 so need at least CU10.

Thanks in advance.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,492 questions
{count} vote

9 answers

Sort by: Most helpful
  1. DocBrown 21 Reputation points
    2021-03-13T15:15:36.5+00:00

    CU23 is failing due to modified permissions on the Auth folder. I'm finding this on select 2013 Exchange Servers that have been compromised.

    I was able to get the upgrade to run by changing the permissions on the Auth folder and it's contents. First I changed the owner from System to Domain Admin. Then I added permissions for the local and domain admin accounts. Once this was done I was able to successfully install CU23.

    4 people found this answer helpful.

  2. Chris Calbreath 21 Reputation points
    2021-03-13T15:42:07.397+00:00

    I just encountered this as well on a compromised server. It looks like inheritance was disabled. I made myself the owner of the folder and then just re-enabled inheritance to allow CU23 install to complete.

    2 people found this answer helpful.

  3. Xzsssss 8,861 Reputation points Microsoft Vendor
    2021-03-11T03:02:44.487+00:00

    Hi @Mikayel Mikayelyan ,

    Good day.

    Since you're going to upgrade from CU9 to CU23, there is a huge gap of them.
    You should install the .Net FrameWork .4.8 to support the CU23.
    Also if you want to use the PowerShell to upgrade, you'll have to make your Schema/AD/AD domain prepared, If you use the Setup Wizard, you don't have to do this.

    For this issue, you can give a full control permission of the folder to your account or add Everyone to the list and give it Full Control.

    A related case that could help: Exchange 2019 CU8 Upgrade failed - insufficient privileges to access \owa\auth\15.2.792

    Regards,
    Zhengqi Lou


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

  4. Joshua 6 Reputation points
    2021-03-22T16:25:57.48+00:00

    I actually resolve the issue after correcting the permissions and mount the iso on the VM datastore NOT just mounting the iso from downloads.

    Best,

    1 person found this answer helpful.

  5. Brad Dale LevcoTech 1 Reputation point
    2021-03-12T01:11:11.607+00:00

    I like this answer, but don't like this answer.

    What should be the official Security permission on this directory?

    I.E. what do I need to change it back to after the CU update, or will the CU update fix the permissions?

    Thanks,
    Brad Dale