none
Upgrading Exchange 2013 CU8 to CU23 RRS feed

  • Question

  • Hello,

    Good Day!!!

    We have 2 Exchange 2013 CU8 member of the DAG, our company requires us to use TLS 1.2 in the Exchange.

    Accordingly TLS 1.2 supports starting from CU19 above and the available to download in Microsoft is CU23.

    I am looking for detailed steps on how to Upgrade to CU23 and how to enable TLS 1.2.

    Your HELP and Support will be very much appreciated.

    Thanks very much.

    Wednesday, November 6, 2019 6:28 AM

All replies

  • Hi,

    to stay on the supported upgrade path, you'll have to

    • make sure you're running .NEt 4.5.2
    • upgrade Exchange to CU15
    • upgrade .NET to 4.6.2
    • upgrade Exchange to CU19 or 20
    • upgrade .NET to 4.7.1
    • upgrade Exchange to CU22
    • upgrade .NET to 4.7.2
    • upgrade Exchange to CU23

    I am hoping for you that you haven't got Unified Messaging activated, otherwise you have to uninstall/reinstall all Language Packs that are being used.

    As to TLS 1.2, here's an article from KEMP to get you started: https://kemptechnologies.com/blog/enabling-tls-1-2-on-exchange-server-2013-2016-part-1/


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, November 6, 2019 7:14 AM
  • Hi Evgenij,

    Many Thanks...Do you mean it is Not advisable to directly upgrade to CU23?? I have a long way to go.

    In the Download site of Microsoft only CU22 and CU23 are available, can you Please provide a link where to download CU15,CU19,CU20.

    Also the 2 Exchange 2013 are member of the DAG, do you have steps how to upgrade Exchange member of the DAG??

    many many thanks again.

    Wednesday, November 6, 2019 7:31 AM
  • Hi,

    no, I cannot provide the links. I do host some important CUs for Exchange 2016 on my website, but not for 2013 anymore.

    You could upgrade to .NET 4.7.2 and CU23 in one step. It's completely unsupported and most probably Microsoft won't be able, or willing, to help you if it goes awry.

    As to DAG members... if you go the supported route, I would recommend repeating each step (or steps up to the next Exchange CU) on both members.

    Another idea: If you have compute and storage resources fopr that, you could build out two new CU23 servers, add them to the DAG, add DB copies on those servers, then remove and decommission the CU8 machines. You need to take care of certificates, load balancing, receive connectors and stuff but for 2 machines, it's probably going to take less time than the above patching route, not to mention that you need to get two abandoned CUs from somewhere...


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, November 6, 2019 7:42 AM
  • Hi Evgenij,

    Thanks again...we will upgrade until CU19 only since TLS 1.2 supports starting from CU19.

    We have a Testing environment which is a Replica of the Working environment. The plan is to install the upgrade first in our Testing environment , once it is tested we will export and import in Hyper-V the Server Exchange 2013 CU19 one at a time to the Working environment...is that a good Plan??

    Best regards..

    Wednesday, November 6, 2019 8:12 AM
  • Hi,

    no, you cannot move an Exchange server between domains. (This is assuming your test environment is separate from production)


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, November 6, 2019 8:53 AM
  • Hi Evgenij,

    The Testing environment is a Restored copy from our Backup Server, so its the same domain and  environment.

    best regards...

    Wednesday, November 6, 2019 9:26 AM
  • Still, that won't work. The entire config will be missing from AD.

    If you do have the resources, installing a server shouldn't be a problem.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, November 6, 2019 11:08 AM
  • Hi Evgenij,

    Many Thanks...Do you mean it is Not advisable to directly upgrade to CU23?? I have a long way to go.

    In the Download site of Microsoft only CU22 and CU23 are available, can you Please provide a link where to download CU15,CU19,CU20.

    Also the 2 Exchange 2013 are member of the DAG, do you have steps how to upgrade Exchange member of the DAG??

    many many thanks again.

    You can go straight to CU23.

    Don't be intimidated by that disclaimer. It just means that the Product Group hasnt tested every scenario. If something does go wrong, you will be supported.

    https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019

    • When upgrading Exchange from an unsupported CU to the current CU and no intermediate CUs are available, you should first upgrade to the latest version of .NET that's supported by Exchange and then immediately upgrade to the current CU. This method doesn't replace the need to keep your Exchange servers up to date and on the latest supported CU. Microsoft makes no claim that an upgrade failure will not occur using this method, which may result in the need to contact Microsoft Support Services.

    Upgrading DAG members:

    https://practical365.com/exchange-server/exchange-2013-installing-cumulative-updates/

    Wednesday, November 6, 2019 11:40 AM
    Moderator
  • Hi Andy,

    Many Thanks for the information.

    The Plan is to test and upgrade it in the Testing environment which were Restored from our Backup Server, the restored Servers are the whole Production Server environment which Includes the Domain controller servers, Exchange Servers, Certificate and Witness server.

    Once it is tested we will export and import it in Hyper-V the Server Exchange 2013 CU23 one at a time to the Production environment...will this plan work??

    best regards...

    Wednesday, November 6, 2019 12:12 PM
  • Hi Andy,

    Many Thanks for the information.

    The Plan is to test and upgrade it in the Testing environment which were Restored from our Backup Server, the restored Servers are the whole Production Server environment which Includes the Domain controller servers, Exchange Servers, Certificate and Witness server.

    Once it is tested we will export and import it in Hyper-V the Server Exchange 2013 CU23 one at a time to the Production environment...will this plan work??

    best regards...

    Thats not supported. 

    Your only real path if you don't have any interim CUs is to follow that doc and update the .net then upgrade to CU23 after you have prepped the forest correctly.

    https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019


    Wednesday, November 6, 2019 2:22 PM
    Moderator
  • Hi Andy,

    Thanks again...i am just worried with the upgrade, that's why we want to test it first in the testing environment.

    Looks like i have to directly upgrade it to the production environment.

    One more thing Do i have to run the "setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms" and "setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms"  before Performing the Upgrade???

    many many Thanks...

    Wednesday, November 6, 2019 4:01 PM
  • One more thing Do i have to run the "setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms" and "setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms"  before Performing the Upgrade???

    Yes, you do.

    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, November 6, 2019 4:05 PM
  • Hi Andy,

    Thanks again...i am just worried with the upgrade, that's why we want to test it first in the testing environment.

    Looks like i have to directly upgrade it to the production environment.

    One more thing Do i have to run the "setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms" and "setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms"  before Performing the Upgrade???

    many many Thanks...

    Yes. Always best the run those steps explicitly. If this is a multi-domain forest, dont forget

    \Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains

    Wednesday, November 6, 2019 5:54 PM
    Moderator
  • Hi Evgenij and Andy,

    Thanks very much for the support and information.

    best regards...
    Thursday, November 7, 2019 5:49 AM
  • Hi,

    Just add more information.

    The general process for applying upgrades to a DAG member is as follows:

    1. Put the DAG member in maintenance mode.
    2. Install the update.
    3. Take the DAG member out of maintenance mode and put it back into production.

    For how to perform maintenance, you can check this for more details: Performing maintenance on DAG members

    Additionally, you can modify registry values to enabla TLS 1.2. This blog may help you enable TLS 1.2 for your organization: Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2

    Registry disclaimer: Serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, November 7, 2019 8:01 AM
    Moderator
  • Hi Lydia,

    Many Thanks for the information.. by using the TLS 1.2, What will be the effect with my client connection to Exchange 2013 CU23?? I have clients using the Mobile phones, Outlook 2016,2013, 2010 and OWA.

    I am so worried that once upgraded to CU23, there will be issues with the connectivity in the Exchange.

    Your support is very much appreciated.

    thanks...thanks...

    Thursday, November 7, 2019 9:37 AM
  • Hi Lydia,

    Many Thanks for the information.. by using the TLS 1.2, What will be the effect with my client connection to Exchange 2013 CU23?? I have clients using the Mobile phones, Outlook 2016,2013, 2010 and OWA.

    I am so worried that once upgraded to CU23, there will be issues with the connectivity in the Exchange.

    Your support is very much appreciated.

    thanks...thanks...

    I wouldnt look at the TLS stuff right now. Just get your Exch org up to the latest version first  :)
    Thursday, November 7, 2019 11:19 AM
    Moderator
  • Enabling TLS 1.2 doesn't mean you have to disable TLS 1.0/1.1. It won't affect the mail flow and client connection in your organization. 

    If you have any issues after upgrading your Exchange server, please feel free to post in our forum.

    Hope everything works well on your side.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, November 12, 2019 11:42 AM
    Moderator
  • Just checking in to see if above information was helpful. If you have any questions or need further help on this issue, please feel free to post back.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, November 21, 2019 2:47 PM
    Moderator
  • Here is a brief summary about above replies, hope more people can get useful information from it.

    Request

    ===========================================

    We have 2 Exchange 2013 CU8 member of the DAG, our company requires us to use TLS 1.2 in the Exchange.

    I am looking for detailed steps on how to Upgrade to CU23 and how to enable TLS 1.2.

    I am so worried that once upgraded to CU23, there will be issues with the connectivity in the Exchange.

    Suggestions

    ===========================================

    1. Requires Microsoft .NET Framework 4.7.2, extend schema, prepare AD and domains before upgrade to Exchange 2013 cu23.

    2. The general process for applying upgrades to a DAG member is as follows:

    • Put the DAG member in maintenance mode.
    • Install the update.
    • Take the DAG member out of maintenance mode and put it back into production.

    3. Enabling TLS 1.2 doesn't mean you have to disable TLS 1.0/1.1. It won't affect the mail flow and client connection in your organization. 

    Reference Links

    ===========================================

    Cumulative Update 23 for Exchange Server 2013

    Performing maintenance on DAG members

    Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, November 25, 2019 3:52 PM
    Moderator