Exchange 2010 SP3 RU14 Released


Patch Tuesday this week heralded the arrival of Rollup Update Rollup 14 (RU14) for Exchange Server 2010 Service Pack 3.  RU14 is the latest rollup of customer fixes available for Exchange Server 2010. The release contains a security fix to address the issue in Microsoft Security Bulletin MS16-079, in addition to the previous fixes in RU13 and older.  Since security updates are delivered via a RU for Exchange 2010 and 2007, this is why a new RU was released.  Exchange 2013 and 2016 have a different release model, and security updates are decoupled from the standard cumulative updates.

To fix the issue on Exchange 2007, SP3 RU20 was released for that version of Exchange.  Separate security updates are available for supported versions of Exchange 2013 and 2016, and are linked from the security bulletin

Exchange 2010 SP3 RU14 Download

This is build 14.03.0301.000 of Exchange 2010, and KB3151097 has the full details for the release.  The update file name is Exchange2010-KB3151097-x64-en.msp

Note that this is only for the Service Pack 3 branch of Exchange 2010.  Why?  Exchange 2010 SP2 exited out of support on the 8th of April 2014 and will no longer receive updates.  Customer must be on Exchange 2010 SP3 to receive updates.

Also note that Exchange 2010 transitioned into its Extended product support lifecycle phase on the 13th of January 2015.  Exchange 2010 will now be serviced as per the extended support policy. 

 

Issues Resolved

This RU contains the security fix for MS16-079

 

Important Notes

The below are the normal notes to consider before deploying an Exchange RU.  In this case, the below must also be tempered with the fact that there is a security fix.

There are a couple of items to mention:

  • Test the update in your lab before installing in production.  If in doubt test…

  • Ensure that you consult with all 3rd party vendors which exist as part of your messaging environment.  This includes archive, mobility and management services.

  • Ensure that you do not forget to install updates on management servers, jump servers/workstations and application servers where the management tools were installed for an application.  FIM and 3rd party user provisioning solutions are examples of the latter.

  • If the Exchange server does not have Internet connectivity then this introduces significant delay in building the Native images for the .Net assemblies as the server is unable to get to http://crl.microsoft.com.  To resolve this issue, follow these steps:

    1. On the Tools menu in Windows Internet Explorer, click Internet Options, and then click the Advanced tab.

    2. In the Security section, click to clear the Check for publisher’s certificate revocation check box, and then click OK.

    We recommend that you clear this security option in Internet Explorer only if the computer is in a tightly controlled environment. When setup is complete, click to select the Check for publisher’s certificate revocation check box again.

  • Install the update from an elevated command prompt

  • Ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed.  See KB981474

  • Update Internet facing CAS servers first

  • Backup any OWA customisations as they will be removed

  • Uninstall any Interim Updates (IUs) before installing the RU.  You will have received these private files directly from Microsoft.

  • Disable file system antivirus prior to installing the RU.

  • Restart server after RU has been installed and then re-enable file system antivirus

  • Test (yes, technically this is in here for a second time but it is very important!)

 

Cheers,

Rhoderick

Comments (15)

  1. Aman Saxena says:

    Hello Team,

    Just wanted to know, does this update fix the security concerns for Exchange 2010 environment or this update also contains any other additional features as well?

    Regards,
    Aman Saxena

  2. Security updates for Exchange 2007 and 2010 must be delivered via a RU.

    This contains the above security fix, and also a DST update.

    Since RUs are cumulative, it includes the fixes from the previous SP3 RUs.

    Cheers,
    Rhoderick

  3. Peter Winston says:

    We deployed RU14 ion a 25,000 user Enterprise and soon had issues where Exchange 2010 servers run 100% on cpu utilisation. Hundreds of Outlook clients complained that Outlook shows "CONNECTING TO SERVER..." On deeper inspection it shows the Mailbox server Indexing or CI process was causing the problem.
    We rolled all back to RU12 and the system is stable again.

    1. Anand says:

      rhoderick, have you installed ru 14 since? Anyone else had issues?

      1. Amit says:

        We had the same issue on HUB/CAS. Edgetransport.exe is consuming 100% CPU. Mailbox servers are looking fine.
        Does anyone know any fix for it or shall we roll back to RU12?

        1. Amit says:

          We added below keys in EdgeTransport.exe.config file and restart transport service on all servers.

          https://blogs.technet.microsoft.com/exchange/2011/04/11/store-driver-fault-isolation-improvements-in-exchange-2010-sp1/

          It solved the issue for us. Hope this will help anyone.

        2. John De Clerck says:

          We too observed higher CPU after installing this update. Though not 100%, but average CPU quadrupled, and it didn't drop during off-peak hours like it did before UR14.
          It seems to be related to indexing: our users experienced issues using the delivery reports in OWA (no results were returned because 'the server was too busy').

          In the end, we were able to resolve the issue by first rebuilding all indexes on all databases, following this article: https://technet.microsoft.com/en-us/library/aa995966(EXCHG.80).aspx

          Be advised though, that this in turn causes high CPU load, so either do this off peak, or just a few databases at a time to avoid outage. (took us 48 hours to index about 6Tb of data)

          After that, we still saw higher load than before the update, but now from the ECP application pool. After recycling that application pool, all went back to normal.

          1. That is pretty good throughput if you indexed 6TB in a couple of days John.

            Though on the issue side, I'm not seeing this reported across the board either in forums or internally. I did have another customer that said RU14 tripled their storage IOPS.

            After going down the rabbit hole for 2 weeks, uninstalling the RU and monitoring and reviewing their deployment the root cause was nothing to do with the RU. The server restart had kicked in another change which their security team had made but the OS was not restarted when the change was originally made.

            If this is still happening to you, then please triple check that file system AV is excluding all of the Exchange content locations, processes are excluded and mount points are correctly excluded. I also expect this to apply to *ALL* scan types on the boxes.

            Links to the required exclusions and commentary in here:
            https://blogs.technet.microsoft.com/rmilne/2014/02/04/exchange-and-antivirus-exclusions-a-critical-conversation/

            Cheers,
            Rhoderick

            Cheers,
            Rhoderick

  4. Rahamat M says:

    Hi Team, Planning to upgrade from Exchange 2010 SP2 RU 6 to SP3 RU14, anything to be cautious about? Is the high CPU utilization a bug in RU14? We dnt have Exchange antivirus running on the system, but the OS is using Symantec Endpoint Protection. Please advice.

    Thanks,
    Rahamat

    1. SP2 RU6 to SP3 RU14? That is a lot of change right there since you are on a truly ancient build of Exchange.

      Double check the AV exclusions before you start, and disable it as you do the multiple installs.
      Exclusion lists are in this post: https://blogs.technet.microsoft.com/rmilne/2014/02/04/exchange-and-antivirus-exclusions-a-critical-conversation/

      Cheers,
      Rhoderick

      1. Rahamat M says:

        Thanks Rhoderick
        Have done the upgrade last Saturday and so far the environment has been stable.

  5. Striker says:

    We are planning to upgrade to Exchange 2016 . For this we are planning to update to Roll up 14 on our current environment.

    Current environment is Exchange 2010 SP3 UR 6 .

    t's mentioned that Supported Operating System for Update Rollup 14 For Exchange 2010 SP3 are
    Windows Server 2003 R2 Enterprise x64 Edition, Windows Server 2003 Service Pack 2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows XP

    https://www.microsoft.com/en-us/download/details.aspx?id=52766

    I have one of my exchange servers having UM role on Windows Server 2012 R2 Std. Will I be able to install Roll up 14 on Windows Server 2012 Also, as it is not mentioned in the supporting OS ? Also do i need any interim RUs or can I directly go to RU 14 from RU 6?

  6. I see a mention of Exchange 2010 installed onto Windows Server 2012 R2.
    If that is the case, this is not supported. Please see:
    https://blogs.technet.microsoft.com/rmilne/2013/09/17/exchange-support-for-windows-server-2012-r2/

    Cheers,
    Rhoderick

    1. Tila says:

      I have an existing 2010 sp2 exchange sitting on server 2012r2, the installtion went well but management tools arw not working.

      If indeed exchange 2010 installation is not supported on server 2012r2, can I introduce another exchange 2010 sitting on server 2012 or 2008r2 in same environment without issues? If yes, kindly advise how to go about it.

      Note: my AD is a windows server 2012r2 and an existing exchange 2003 exists as well.

      Thanks

      1. Oh - that is a lot of unsupported elements 🙁

        Can you install another Exchange 2010 box and move mailboxes? Yes.

        Am I guaranteeing no issues - no. There is just to much out of a supported deployment.

        You need to get rid of that Exchange 2003 box. It is almost 3 years since Exchange 2003 exited out of support......

        Cheers,
        Rhoderick

Skip to main content