penguyen

Technolgy et al

Posts Tagged ‘“$error.Clear(); & $RoleBinPath\ServiceControl.ps1 EnableServices Critical’

Exchange SP1 Upgrade – Warning

Posted by penguyen on August 22, 2011


Be warned that when you try to upgrade Exchange 2010 to SP1, there is one pre-requisite that is not documented anywhere. The SP1 pre-checks doesn’t see it and if you do not have this setting setup correctly, you will wind up with a broken exchange upgrade, all the exchange binaries will be removed from the server, however, your registry keys for exchange will still be there. You will not be able to reinstall exchange, when you try to use the recovery optin (setup.exe /m:recoverserver) it will also fail. The error that will show up when it fails the SP1 setup would look something like:

The following error was generated when “$error.Clear();
& $RoleBinPath\ServiceControl.ps1 EnableServices Critical
” was run: “AuthorizationManager check failed.”.

To avoid this issue, make sure you set the execution policy Unrestricted, anything else and the upgrade will fail.

First, remove any GP that affects the Exchange server that has the Windows Powershell – Execution Policy turned on
The configuration can be set under:
Computer Configuration -> Policies -> Adminstrative Templates -> Windows Components -> Windows Powershell


Then from the powershell prompt:

PS C:\Windows\system32> get-executionpolicy -list

                                                      Scope                                             ExecutionPolicy
                                                      —–                                             —————
                                              MachinePolicy                                                   Undefined
                                                 UserPolicy                                                   Undefined
                                                    Process                                                   Undefined
                                                CurrentUser                                                   Undefined
                                               LocalMachine                                                RemoteSigned

Change LocalMachine Policy to Unstricted. At the powershell prompt type:

PS C:\Windows\system32> Set-ExecutionPolicy -executionpolicy unrestricted -scope localmachine

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution
policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is “Y”): yes

Verify Settings:
PS C:\Windows\system32> get-executionpolicy -list

                                                      Scope                                             ExecutionPolicy
                                                      —–                                             —————
                                              MachinePolicy                                                   Undefined
                                                 UserPolicy                                                   Undefined
                                                    Process                                                   Undefined
                                                CurrentUser                                                   Undefined
                                               LocalMachine                                                   Unrestricted

If you already run into this issue before seeing this post, the only way to get your broken exchange server back into service is to do the followings:
Open the registry editor
Export and delete the following keys
HKLM\SOFTWARE\MICROSOFT\Exchange Server
HKCU\SOFTWARE\MICROSOFT\Exchange Server
Exported – HKLM\System\CCS\Services
Deleted all the keys that start with Msexchange

Rename the Exchange server folder wherein you have installed the exchange binaries

Set IIS, WMI, Remote Registry services back to automatic

Recover the Exchange server by setup.com /m:recoverserver using the RTM binaries. It is best if you can just uninstall Exchange and start anew, but if this is not an option due to some configuration. Use the setup /m:recoverserver

Once you have recovered your Exchange server and validated features are working properly, you can now configure the Exectution Policy as described above and upgrade to SP1.

Seems like Microsoft overlooked this important pre-req. There are no documentations on how people should set Exectution Policy , especially to an Unstricted Policy and not using Group Policy. The Pre-Req checks should have caught this. Also, why on earth did Microsoft not sign their own powershell codes for the SP1 upgrade is beyond my logical comprehension.

Posted in Exchange | Tagged: , , | Leave a Comment »

 
Follow

Get every new post delivered to your Inbox.

Join 413 other followers