Summary

Keeping your Exchange servers up to date (and keeping your infrastructure up to date) is more important than ever. That’s why we recommend that customers always install the latest Exchange Server updates. We know that updating software can be burdensome, so we’re continuously looking for ways to improve the Exchange Server update experience to help customers get current and stay current.

Today, we’re excited to announce that we have made changes in the way we deliver Security Updates (SUs) and Hotfixes (HFs) for Exchange Server. These changes address the biggest issue customers face when updating—installing updates with insufficient permissions, and as a result possibly leaving the Exchange server in a bad state.

Historically, Exchange Server SUs have been packaged as Windows Installer patch (.msp) files, which are self-contained packages containing the information required to update the application. A requirement of using .msp files is that they must be installed using elevated permissions.

Installation of .msp files happens in the security context of the account used to install the update. If User Account Control (UAC) is enabled (which we strongly recommend) and you manually install the update by double-clicking the .msp file, the installation process runs in a non-elevated mode, which often results in a bad server state. For this reason, with each SU release we have reminded admins to install the update from an elevated command prompt.

Starting with May 2022 SU release, we will now ship SUs and hotfixes in two different packages:

  • Windows Installer patch file (.msp), which works best for automated installations

  • Self-extracting, auto-elevating installer (.exe), which works best for manual installations

We will continue to release the .msp file via Windows Update and the Microsoft Update Catalog. For admins who manually install updates, the new .exe package is the best option.

Note: This new packaging is for SUs and hotfixes only. It does not apply to Cumulative Updates (CUs) or Interim Updates (IUs). CUs already check for the proper permissions before allowing Setup to proceed.

Known issues

When you run the EXE package, you may receive an error message that resembles the following:

ERROR: Exchange Setup couldn’t extract the contents of the patch file. More information: Could not find a part of the path ‘C:\Users\<USER>\AppData\Application\Temp\Exchangeserver.msp’

This issue may occur if the %temp% folder does not exist on the system. The %temp% folder exists by default but may have been removed.

To work around this issue, create a folder named “Temp” in the following location (where <USER> is the user name in the %USERPROFILE% path:

C:\Users\<USER>\AppData\Application\

About the EXE Package

The EXE package is a wrapper for the .msp file that ensures the installation runs with the required permissions. To install the update, simply double-click the .exe file and follow the instructions. The installation process checks permission prerequisites and if the check fails, it will try to elevate the permissions to the required admin level:

  • If elevation is not successful, installation stops without making any changes to the Exchange server.

  • If elevation is successful (or if the proper admin permissions are already in use), the package will extract the .msp file into the current user’s temp folder and start the installation process.

Whether or not the installation is successful, the package also performs cleanup by deleting the extracted temporary files.

Installation Logging

The .exe package automatically logs the installation process, including verbose and debugging information. This allows the logs to be used to troubleshoot failed installations.

Here’s how logging works:

  1. The package queries the “MsiInstallPath” registry value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v15\Setup to determine the Exchange Server installation path

  2. It creates a subfolder under the Logging directory called Update and under that folder, two more subfolders: msi and exe

  3. The log files are then written to these two folders in this format:ExchangeUpdate_{yyyy-MM-dd-HHmmss}.log

The exe folder contains log files which are generated by the .exe wrapper, the msi folder contains verbose and debug logs, generated by the msiexec process during processing of the .msp package.

exe and msi folders

Error Handling

If the installer can’t determine the Exchange Server installation path, the logs will be written to msi and exe subfolders under %temp%\Exchange Update\Logging.

If the installer can’t write to the log files, it will log an exception into the Application event log. If you don’t find any log files related to the installation of an Exchange Server SU or HF, check the Application event log for events with Exchange SU Installer as the Event Source. These events should indicate why the logs could not be written.

These are the most common events being logged by the exe wrapper:  

Log entry (What we log)

Description (What it means)

INFO: Copying temporary files to {0}.

The temporary .msp file is being copied into a temp folder.

INFO: Deleting temporary files {0}.

The unwrapped .msp file was deleted pre/post installation.

INFO: Exchange Server Update is being installed.

Happens when the installation of the .msp file is initiated.

COMPLETED: The Exchange Server Update installed successfully.

The Exchange Server update was successfully installed.

ERROR: The extracted files could not be found at {0}.

The unwrapped .msp file was not found and therefore the installation failed.

WARNING: The Exchange Server Update requires a reboot to complete installation.

Installation was successful and a reboot is pending to complete the process.

ERROR: Exchange Setup couldn’t extract the contents of the patch file. More information: {0}.

A problem occurred during the extraction of the temporary .msp file. An exception message will also be logged.

ERROR: While installing the Exchange Server Update, error {0} occurred.

Encountered an error occurred during installation. The error code will be logged.

Command Line Usage

The new update package supports the following command line parameters, that can be used to install those Exchange updates in unattended mode or as part of your own automation.

Parameter

Description

Msiexec equivalent

/passive

Specifies unattended mode where installation shows only a progress bar.

Note: If a restart is required for the update, using this switch will restart the server automatically.  

msiexec /p filename.msp /passive /l*vx

/silent

Specifies quiet mode - no user interaction is required.

Note: If a restart is required for the update, using this switch will restart the server automatically.

msiexec /p filename.msp /quiet /l*vx

/forcereboot

Installs the update and reboots the computer only if required.

msiexec /p filename.msp /l*vx

shutdown.exe /r /t 0

/help

Shows all available parameters.

msiexec /help

Note: Even if the installer doesn’t prompt for a reboot, it’s strongly recommended to restart the server after installation. 

We hope you find that the new .exe update package improves your Exchange Server update experience and makes it easier for you to stay current.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.