Microsoft Exchange CU Installation Gone Wrong?

If you start an Exchange CU update and it fails for some reason, you may find that even if you revert to a snapshot, your left with a broken exchange server.

Since Exchange is an Active Directory integrated application there are certain parameters that exchange will let the Domain Controllers know about during install and if they were not a part of your backout plan, then you may well hit this issue.

Symptoms

Firstly I was unable to get Power Shell to connect to the exchange server. The event logs shoed hundereds of errors stating:

An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.

This was caused because the SSL certificate applied to the Exchange Backend was incorrect. To resolve this run this first command and then verify this is the cause by checking the certificate hash on :443 differs from :444.

netsh http show sslcert 

Resolving “HttpEvent” event id 15021

Next we delete the SSL Cert binding and the apply the correct one. Be sure to change the cert hash to match the one in your environment.

netsh http delete sslcert ipport=0.0.0.0:444

netsh http add sslcert ipport=0.0.0:444 certhash= appid="{4dc3e181-e14b-4a21-b022-59fc669b0914}"

Once thats resolved, you should be able to get into PowerShell.

Resolving 421 4.3.2 Service not active

The next problem is that you’ll release your inbound mail from your Anti-Spam, and you’ll start to see errors like:

421 4.3.2 Service not active

This happens because Active Directory thinks the server is not accepting mail because its undergoing an upgrade. To verify this run:

You should see that all of the components are all “inactive“.

Get-ServerComponentState <ServerName>

Next run:

$Requesters = Get-ServerComponentstate –Identity  <ServerName>  -Component ServerWideOffline
$Requesters.LocalStates

We see that our Maintenance requester is Active so we need to change this. Once you have confirmed this, you can change this by running

Set-ServerComponentState  <ServerName>  -Component ServerWideOffline -State Active -Requester Functional

Leave a Reply

Your email address will not be published. Required fields are marked *