Security Update For Exchange Server 2016 CU21 (KB5004779) Fails with Error 0x80070643

Jonathan Hatfield 31 Reputation points
2021-09-11T16:33:07.133+00:00

Title says it all. Trying to install KB5004779 via Windows Update and it repeatedly fails with error 0x80070643.

I've attempted to install this update manually, but receive and error that states "you need at least exchange server administrator permission on the current computer". The account I'm using is a member of Domain Ad
in, Schema Admin, Enterprise Admin, and Exchange Organization Admin. So permissions are not a problem.

Any help is appreciated

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,494 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jonathan Hatfield 31 Reputation points
    2021-09-15T16:42:26.23+00:00

    I was able to get this working. I had to perform multiple steps:

    1. Start Exchange Management Shell as an administrator and run the following scripts: .\UpdateCas.ps1 and .\UpdateConfigFiles.ps1.
    2. Exit Exchange Management Shell and open a Command Prompt window as an administrator.
    3. Run iisreset.

    Taken from here: https://learn.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/owa-stops-working-after-update

    After the update completed and the server rebooted, I couldn't access OWA or EAC. I then needed to create a new certificate:

    https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired

    1 person found this answer helpful.
    0 comments No comments

  2. Kael Yao-MSFT 37,676 Reputation points Microsoft Vendor
    2021-09-13T07:00:33.85+00:00

    Hi @Anonymous

    Did you follow this link to install the security update?
    (you should use Command Prompt and Run as administrator, type the full path of the .msp file to install )

    If the problem persists, do you have some third-party software running on the Exchange server? For example, anti-malware software.
    If there are any, please disable or uninstall them to see if you are able to install the security update.

    In addition, have you tried with another account which has the required permissions? Would the same issue persist?


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments