Update Exchange 2016 cu2 to cu19

KP 21 Reputation points
2021-03-13T16:34:08.753+00:00

I have recently inherited server 2012 running exchange 2016 on CU2. I will be updating it to CU19 and applying the emergency patch put out by Microsoft. I am trying to locate the easiest way to backup Exchange or Internet Information Server (IIS) settings. I will be following this write up. Any other pointers are helpful. https://learn.microsoft.com/en-us/exchange/plan-and-deploy/install-cumulative-updates?view=exchserver-2019

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,498 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 145.1K Reputation points MVP
    2021-03-13T17:27:05.957+00:00

    Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.

    https://learn.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2016

    Install .net 4.8
    https://learn.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework

    Run each step separately:
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

    Then install CU19:
    CU19:
    https://www.microsoft.com/en-us/download/details.aspx?id=102532
    Then install the security patch:

    Critical Patch:
    https://www.microsoft.com/en-us/download/details.aspx?id=102772

    As for the "settings" backups, unless you made a custom change and documented it , you aren't really going to know what to back up.
    The reality is that you are so far behind and this exploit is so dangerous, you need to upgrade now and apply the patch immediately and not worry about any customization. If any customizing was done, you'll probably realize it later and you can set whatever you need.

    Once you are patched, you need to investigate to see if your server has been compromised and scan you server for known exploits:

    https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

    Microsoft Support Emergency Response Tool (MSERT) to scan Microsoft Exchange Server

    https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

    https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

    If you find no evidence of actual compromise, then you are probably ok, but look to getting a quality anti-malware solution for Exchange for ongoing protection.

    If any of your security detections or the investigation tools results lead you to suspect that your Exchange servers have been compromised and an attacker has actively engaged in your environment, execute your Security Incident Response plans, and consider engaging experienced Incident Response assistance. It is particularly critical if you suspect that your Exchange environment is compromised by a persistent adversary that you coordinate your response using alternative communications channels as mentioned earlier in this document.


1 additional answer

Sort by: Most helpful
  1. KP 21 Reputation points
    2021-03-16T18:49:25.663+00:00

    anonymous userDavid

    Thank you so much for the direction. The update worked perfectly without any errors.

    Follow these steps, rebooting after EACH step and running from an ELEVATED PROMPT.

    https://learn.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2016

    Install .net 4.8
    https://learn.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework

    Run each step separately:
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
    Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

    Then install CU19:
    CU19:
    https://www.microsoft.com/en-us/download/details.aspx?id=102532
    Then install the security patch:

    Critical Patch:
    https://www.microsoft.com/en-us/download/details.aspx?id=102772

    0 comments No comments