Exchange 2010 Gotcha - #3

The TrustedInstaller - Isn't.

Generally, when applying patches (whether service packs, hotfixes, or rollups), the installation process will automatically acquire all the necessary permissions - if the user executing the process CAN acquire those permissions. This is especially relevant under Server 2008 and Server 2008 R2, where an interactively logged-in user has their access token artificially limited, even if UAC is disabled.

However, the Exchange 2010 update installer either drops administrative permissions too early or never acquires all of the permissions that are necessary. When applying update rollups, binaries are updated just fine - but OWA source files are not.

This commonly leads to a patch application that appears successful - but it isn't. When testing OWA after an update-rollup application, a common error is "syntax error in flogon.js at 1, 1." This is an indication that the patch was NOT installed with administrative permissions.

Reapply the patch with administrative permissions.

Note: I have heard reports that this begins to affect Exchange 2007 AFTER the application of service pack 2, when Exchange 2007 is installed on Windows Server 2008.

This has (at this writing) been seen to affect Exchange 2010 UR1, UR2, and UR3.

To properly ensure that an application of an update-rollup has adequate permissions, do one of the following:

  • Right-click on the patch (filename.msp) and click on "Run as Administrator"
  • Open an elevated command prompt and then start the patch (just enter filename.msp). To open an elevated command prompt, click Start, then enter "cmd" into the search area, right-click on the cmd.exe that appears in the results area and click on "Run as Administrator".
  • Open an elevated PowerShell session and then invoke the patch (enter "ii filename.msp"). To open an elevated PowerShell session, click Start, then enter "PowerShell" into the search area, right-click on the "Windows PowerShell" that appears in the results area and click on "Run as Administrator".
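The PowerShell route above can be wrapped in a guard that refuses to start the rollup unless the session token is actually elevated, and that keeps a verbose installer log for later review. This is an added example, not part of the original post; the script parameters and the default log location are assumptions.

```powershell
# Added example: apply an update rollup only from an elevated session.
# $PatchPath is whatever filename.msp you downloaded; $LogPath is an assumed location.
param(
    [Parameter(Mandatory = $true)]
    [string]$PatchPath,
    [string]$LogPath = "$env:TEMP\rollup-install.log"
)

function Test-Elevated {
    # True only when the current token carries the Administrators group as enabled,
    # i.e. the session was started with "Run as Administrator".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Elevated)) {
    Write-Error "Session is not elevated. Reopen PowerShell with 'Run as Administrator' and retry."
    exit 1
}

if (-not (Test-Path $PatchPath)) {
    Write-Error "Patch file not found: $PatchPath"
    exit 1
}

$patch   = (Resolve-Path $PatchPath).ProviderPath
$msiArgs = "/update `"$patch`" /l*v `"$LogPath`""

# Run Windows Installer directly so the exit code can be inspected.
$proc = Start-Process -FilePath "msiexec.exe" -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output "Rollup applied. Log: $LogPath" }
    3010    { Write-Output "Rollup applied; reboot required. Log: $LogPath" }
    default {
        Write-Error "msiexec exited with code $($proc.ExitCode). Review $LogPath."
        exit $proc.ExitCode
    }
}
```

A zero exit code does not prove the OWA source files were updated, so test OWA after the install as described above.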

Until next time...

If there are things you would like to see written about, please let me know.

Published Thursday, April 22, 2010 4:16 AM by michael

Comments

Thursday, April 22, 2010 7:57 AM by jeremy

# re: Exchange 2010 Gotcha - #3

Was unaware of the possible differences in permissions with a logged in user.  Something to keep in mind for the future.

Thanks.
