Exchange 2010 SP3 RU28/29/30 ended prematurely (Management Framework 3.0 on Server)

Server 2008R2, Exchange 2010 SP3, ROLLUP 27 installed, 2x DAG Mailbox Server (Netapp Snap Manager for Exchange 7.2.1), CAS-Servers all went fine to Upgrade to RU30

 

This KB is all about a built in Exchange 2010 Powershell Script from Microsoft where they complain or wonder about Powershell from Microsoft. A finally statement has following comment:

"Curious PS behavior: It appears that 'return' trumps 'throw', so don't return..."

 

What we try to do:

We install RU28/29 or 30 on Exchange 2010 SP3 with some "World famous" Netapp Software for Exchange Backup SnapManager or some Netapp Partner tool.

Because it's "Freaky" the Netapp people install Microsoft Management Framework 3.0 or 4.0. So they have a little plug-in somewhere or can freak around with Power shell to show off their skills to other people. Because their football field size compatibility matrix shows they have to upgrade they update.

So the real problem is the Management Framework 3.0 or 4.0 installed by some Netapp Software or a partner plugin from a Netapp company.

 

This is what happens:

Regular approved setup, elevated, services no needed Stopped, Execution Policy Unsigned.

Error

Setup Wizard for Update Rollup for Exchange Server 2010 Service Pack 3 ended prematurely because of an error. Your system has not been modified. To install this program at a later time, please run the installation again.

 

Event 1023, Msiinstaller, Application, Update Rollup

 

As always you did check:

  • The account you update is not some lockdown crap admin.s admin.c User which has no Schema, ADS-permission
  • Set-executionpolicy unrestricted
  • Disabled Cert Revocation Check in IE/EDGE > Options
  • Make a cmd.exe on Desktop run that ELEVATED (Run as Administartor)
  • Shortly disable AV even if it's Mcafee ENS ;-)

But that was not the error here….

 

Try to re-run it with debug option so you see more:

D:\edv\RU30\Exchange2010-KB4536989-x64-en.msp /lvx D:\edv\RU30\RU30_InstallationLogFile.log

Also check everything under C:\ExchangeSetupLogs\*.log

 

Logfile Debug:

MSI (c) (C4:C8) [21:28:16:082]: Product: Microsoft Exchange Server - Update 'Update Rollup 30 for Exchange Server 2010 Service Pack 3 (KB4536989) 14.3.496.0' could not be installed. Error code 1603. Additional information is available in the log file D:\edv\Exchange_2010_SP3_ROLLUP_30\RU30_InstallationLogFile.log.

 

MSI (c) (C4:C8) [21:28:16:082]: Windows Installer installed an update. Product Name: Microsoft Exchange Server. Product Version: 14.3.123.4. Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: Update Rollup 30 for Exchange Server 2010 Service Pack 3 (KB4536989) 14.3.496.0. Installation success or error status: 1603.

MSI (c) (C4:C8) [21:28:16:113]: MainEngineThread is returning 1603

 

Remark Butsch:

 

Return MSI error normal helps if the MSI just copied a few files and registry keys. If the MSI starts one hundred powershells and it fails the error means almost nothing. That's like you trigger a start.cmd which calls a start.bat and that calls a start.vbs and somewhere you should capture an %errorlevel%

Lets search for [ERROR] in all Exchange logs > As example under c:\exchangesetuplogs\*.log

Check the logfile C:\ExchangeSetupLogs\ServiceControl.log for [ERROR]

 

[20:18:24] [Error] System.Management.Automation.ParseException: At D:\Program Files\Microsoft\Exchange Server\V14\Scripts\ManageScheduledTask.ps1:462 char:5

+ return $success

 

Solution 1:

Microsoft recommends to UNINSTALL Management Framework 3.0 or 4.0 > Install the Rollup > RE-Install Management Framework 3.0 or 4.0 and pray.

Solution 2:

Just give the Service Pack RU (The Powershell) what it wants. A return value $success. ;-) As you can guess not official supported says the guy who wrote the comments in the PS code? It's really in the beginning when the Rollup checks Services, Checks that Powershell runs etc.

Backup the file then Modify file ManageScheduledTask.ps1 from "D:\Program Files\Microsoft\Exchange Server\V14\Scripts" Line 462.

Change line 462 from "Return $success" To "# Return $success"

Just put the # and a space in front of it (Exclude)

OR this worked too….

Change line: "Return $success" to "Write-Output $success"

 

The comments speaks for their self in this Microsoft Script. Microsoft about Microsoft ;-)

09/2020 Patchday, KB4577015, breaks MMC (wsecedit.dll ) console for local security and GPO SRV 2016

 

ERROR: wsecedit.dll, MMC, Local Security Policy, Security Options > "MMC has detected and error in a snap-in"

Update 2020-09 Cumulative Update (KB4577015) bug mit GPO/MMC.

"Next steps: We are working on a resolution and will provide an update in an upcoming release."

Macht ein bug bei Server 2016 z.B. MMC-Konsole. Ich würde daher DC oder IT-MANAGEMENT Server 28.09.2020 nicht weiter patchen.

DC GPO nicht mehr verwaltbar auf SRV 2016 direkt selber.

 

https://docs.microsoft.com/en-us/answers/questions/92345/gpmc-error-for-34security-options34-after-updates.html

 

Workaround:

 

  1. RSAT Tools auf W10 installieren und von dort managen
  2. Unschöner fix unten:

 

reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId"

 

 

   

 

How to turn off Autodiscover Warning in Outlook 2010, 2013, 2016, 2019

How to turn off Autodiscover Warning in Outlook 2010/2013/2016/2019 (Exchange 2010/2013/2016)

Warnung: Das Konto wurde fuer die Einstellung auf die Website umgeleitet

https://support.microsoft.com/en-us/help/2480582/how-to-suppress-the-autodiscover-redirect-warning-in-outlook

A little bit more explained than in the Microsoft KB and with a check THAT if you ONLY set the Registry key if the OFFICE Version is installed. During Migrations you could otherwise run into trouble if this key re-applies just the time you migrate to next office version.

This after you done Split DNS and integrated Autodiscover like you should.

http://www.butsch.ch/post/Exchange-200720102013-with-SPLIT-DNS-and-ONE-single-Certificate.aspx

 

We have:

Autodiscover.butsch.ch    (Exchange Server Autodiscover DNS entries)

mail.butsch.ch (Exchange Server)

This is what we don't want:

Make a new GPO policy.

Erstellen neue GPO:

 

Registry Keys:

"Software\Microsoft\Office\14.0\Outlook\AutoDiscover\RedirectServers" (Office 2010)

"Software\Microsoft\Office\15.0\Outlook\AutoDiscover\RedirectServers" (Office 2013)

"Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers" (Office 2016)

Office 97 - 7.0

Office 98 - 8.0

Office 2000 - 9.0

Office XP - 10.0

Office 2003 - 11.0

Office 2007 - 12.0

Office 2010 - 14.0 (sic!)

Office 2013 - 15.0

Office 2016 - 16.0

Office 2019 - 16.0 (sic!)

 

Exchange 2010 2016 Migration, OAB Error, moved user, 0x8004010F

Migration Exchange 2010-2013-2016, OAB Error Outlook 2016, Exchange 2016

You want do download an Offline Adressbook OAB with a User which you migrated to Exchange 2016 at some point. You get Error "0x8004010F" while doing the Sync.

 

 

You checked all the OAB Settings on both Servers

Get-OabVirtualDirectory

Server Name Internal Url External Url

BUTSCHCAS1 OAB (Default Web Site) https://webmail.customer.com/oab https://webmail.customer.com/oab

BUTSCHEXC2 OAB (Default Web Site) https://outlook.customer.com/OAB https://outlook.customer.com/OAB

BUTSCHEXC1 OAB (Default Web Site) https://webmail.customer.com/oab https://webmail.customer.com/oab

Get-OfflineAddressBook | fl name,virtualdirectories

Name : Standard Offlineadressliste

VirtualDirectories : {BUTSCHCAS1\OAB (Default Web Site)}

Name : Standard Offlineadressliste (Ex2013)

VirtualDirectories : {}

 

The VirtualDirectories : {} is correct. Do not change.

This will assure that the request goes the FRONTEND (Default Web Site) or BACKEND part of the IIS Setup of Exchange 2016. Leave that.

If you messed around with Virtualdiretories of OAB > Reset it back what it was (Will only do this on 2016)

ERROR:

The offline address book "\Standard Offlineadressliste (Ex2013)" has virtual directories specified. Run the following

command to remove those virtual directories before attempting to set the GlobalWebDistributionEnabled parameter to

$true:

Set-OfflineAddressBook "\Standard Offlineadressliste (Ex2013)" -VirtualDirectories $null

Fix on all 2016 you have:

Get-OfflineAddressBook | Where {$_.ExchangeVersion.ExchangeBuild.Major -Eq 15} | Set-OfflineAddressBook -GlobalWebDistributionEnabled $True -VirtualDirectories $null

 

You checked all but still some pre-migrated or test users are unable to download the Offline Adressbook OAB from the 2016.

Check with Autokonfiguration

*uncheck checkbox GUESS both

* Run Test

* Check XML search <OABURL>

If you find the <OABURL>*** Line > good

If you do not find the <OABURL>*** Line > bad, you have the error we talk about

If you do not see this line in XML something is wrong and the reason you see the error led you here.

Workaround:

Move the User who has the problem 2016 side into another mailboxdatabase this will reset, per user, the OAB and maybe correct it.

new-moverequest -identity user02 -targetdatabase "mdb01" -baditemlimit 49 -Priority Emergency

Check again after move. Close and open Outlook >

Make Sure your Domain Controller (If more than one > Are synced).

Maybe Clear all APP-POOL's Cache > recycle under IIS of Exchange 2016 (If needed).

Re-open Outlook.exe

  • Incrementall will first fail
  • Re-sync FULL OAB (Not incremental > Remove checkbox)

Works now perfect

Check now and you will see that NOW you have the line we talked about

BACKUP configuration of Vmware ESXI with POWERCLI

Backup the config from a VMware ESXI free Version up to 6.7.

There is a nice way to backup the free ESXi configuration settings into one file. This us usefull to document the ESXi before you update it and don't want to make 200 screenshots.

  1. Download and Install POWERCLI from VMware.

https://my.vmware.com/group/vmware/downloads/details?downloadGroup=PCLI650R1&productId=491

 

  1. Start Power shell elevated (As Administrator)
  2. set-executionpolicy remotesigned
  3. run from "C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Scripts"

    .\Initialize-PowerCLIEnvironment.ps1

  1. Do the backup

set-executionpolicy remotesigned -Confirm:$False

Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$False

Connect-VIServer -Server 192.168.35.90 -User root -Password **********

Get-VMHostFirmware -VMHost 192.168.35.90 -BackupConfiguration -DestinationPath C:\20_SERVER_ESX_ASUS_P11C-M4L\03_ESX_CONFIG_BACKUP

Disconnect-VIServer -Server 192.168.35.90 -Confirm:$False

 

 

POWER CLI

C:\> Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$False

Scope ProxyPolicy DefaultVIServerMode InvalidCertificateAction DisplayDeprecationWarnings WebOperationTimeout

Seconds

----- ----------- ------------------- ------------------------ -------------------------- -------------------

Session UseSystemProxy Multiple Ignore True 300

User

AllUsers Ignore

 

 

C:\> Connect-VIServer -Server 192.168.35.90 -User root -Password imelsasswohntdegillesim

Name Port User

---- ---- ----

192.168.35.90 443 root

 

 

C:\> Get-VMHostFirmware -VMHost 192.168.35.90 -BackupConfiguration -DestinationPath C:\20_SERVER_ESX_ASUS_P11C-M4L\03_ESX_CONFIG_BACKUP

Host Data

---- ----

192.168.35.90 20_SERVER_ESX...

 

 

C:\> Disconnect-VIServer -Server 192.168.35.90 -Confirm:$False

 

 

 

 

 

Restore from the backup would be:

 

set-executionpolicy remotesigned -Confirm:$False

Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$False

Connect-VIServer -Server 192.168.35.90 -User root -Password **********

Set-VMHostFirmware -VMHost 192.168.35.90 -Restore -SourcePath C:\20_SERVER_ESX_ASUS_P11C-M4L\03_ESX_CONFIG_BACKUP \configBundle-192.168.35.90.tgz -HostUser root -HostPassword **

Disconnect-VIServer -Server 192.168.35.90 -Confirm:$False

 

 

You can view the config if you UNPACK 10x TAR and ZIP files from the backup file:

 

 

 

VMware Link:

https://kb.vmware.com/s/article/2042141