Home » Exchange Server 2010 » High Availability » DAG » Performing Windows and Exchange patching in DAG Environment

Performing Windows and Exchange patching in DAG Environment

Windows and Exchange patching

Windows and Exchange Application patching is an important task and this should be maintained on regular basis and this also requires a proper planning.


If we don’t perform patch on the servers there are chances that we might see Servers on risk like

1: Security risk

2: Application bugs.

So we will discuss how to perform Patching on Windows and Exchange Servers.

In-order to perform we need to have proper permissions. As we discussing about Windows and Exchange Servers so let’s see what are Permissions that are required.


Patching Mode Name Permissions
Windows Patching Local Administrator
Exchange Patching Local Administrator
Schema Admins
Enterprise Admins
Domain Admins
Organization management


Note : 

Microsoft releases the patches on 2nd Tuesday of every month (Windows Patches).

So plan it accordingly, before patching on the Production Servers it would be recommended to test on lab servers if it works well then plan it on your Production servers.

Prerequisites :

1: Test the patches in the Lab machines.

2: Raise a change request if your using Monitoring Tools, and wait for the approval “Also write tested in the lab”.

3: Once Change has been approved go ahead with further steps.

4: Place servers in the Maintenance mode SCOM/Tivoli/other monitoring tool


Steps to Perform Patching (Windows):


Step1 : If your using any monitoring Tools like SCOM or Tivoli then place them maintenance mode to stop the alerts getting generated.

Step2: Now login to Exchange Server and check for the latest updates.

Step3: Open the EMS(Exchange Management Shell) Run as Administrator.

Step4: Now before starting patch work we’ll move the PAM to another Server\


To Move PAM to another Server below is the command:

cluster.exe “DagName” group “Cluster Group” /MoveTo:”destinationServer”

Step5: Run the command “Set-ExecutionPolicy Unrestricted

Step6: Locate the point to Scripts folder as shown below.


Step7: Run the below script

.\maintenanceWrapper.ps1 –server <SERVERNAME> –action Start

For More Info : DAG Maintenance Scripts Steps

Let’s start Windows Patching

Go to start -> All Programs -> Windows Update -> Click the Available updates.




Step8: Check that there are no Exchange rollup/hotfix/ServicePack, if there is a rollup checked then UNCHECK the Exchange rollup/hotfix/ServicePack. Because we are doing Window Patching not the Exchange 🙂

Step9: Then Click ok and then click on Install Updates as shown in the below Screenshot.


Step10: Once completed click finish and restart the server.

Step11: Again open the EMS “Run as Administrator”.


Run the same command but here we need to stop the Maintenance mode:

.\maintenanceWrapper.ps1 –server <SERVER NAME> –action Stop


To Verify if the Maintenance mode is stopped or not to confirm then run the below command again

Get-DatabaseAvailabilityGroup -Status | fl Name,serversinmaintenance
To check the Database mounted on which server run the below cmdlet:

Get-MailboxDatabase | fl name,Server


After confirming that maintenance stopped then move the Databases to Active Copy using the below command.


Move-ActiveMailboxDatabase -Identity ‘Db Name’ -ActivateOnServer ‘Destinationserver’ -MountDialOverride ‘None’


Steps to Perform Patching (Exchange):


Step1: Download the patch or service pack from Microsoft link only.

Step2: This “service pack/ roll up” will be preferred to download to one server and copied to all other server.

Step3: Follow the same procedure as we have done for Windows and Install the Exchange patch.

Step4: Restart the server once Exchange patching has completed

Final Step is to Stop the Maintenance Mode for the Monitoring Tools like SCOM \Tivoli


Note: While performing Exchange Patching please follow the steps are below :


Scenario 1

Let’s take 2 Nodes

Node1 All Roles in One Box

Node2 All Roles in One Box

Moving the DAG and Database Copies based on your Requirement.

Scenario 2

Again 2 Nodes Scenario

Node1 CA/HB

Node2 Mailbox

Recommended to perform Maintenance on Node1 (CA/HB) first and then Node2


Verification Tests

Run the following tests on all Exchange servers

1: Test-ServiceHealth

No service should show in Service not running under any role.

If all in one roles then:


If CA/HB then the output would be as shown below :


2: Check the Queue if there are any emails stuck in the queue.

3: Test-ReplactionHealth

4: Test-OutlookWebServices

5: Test-Mapiconnectivity

6: Get-mailboxdatabasecopystatus *\*


7:  Login to OWA using test account and test send and receive of the email.


For More Info on DAG: Exchange-maintenance-Monitoring-Command Kit



Praveen Kumar

MCTS | Exchange Server

Publisher of

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: