Exchange 2010 SP1 – A Warning

Please note that this issue also appears to also occur with Exchange 2010 SP2

Be warned; if you attempt to upgrade an Exchange 2010 RTM install to Exchange 2010 SP1 and you do not have the correct Powershell Execution Policy in place (and I’m not entirely sure what that is, it’s not documented anywhere obvious but it appears that Unrestricted works – although some have said that it doesn’t – and I can assure you that RemoteSigned doesn’t) it will not warn you, it will not avoid it, it will simply break halfway through the install and leave your server in a state whereby the Exchange binaries are all deleted, half your Windows services are disabled and all the Exchange cruft is still in the registry. The error is akin to the following:

The following error was generated when "$error.Clear();
& $RoleBinPath\ServiceControl.ps1 EnableServices Critical
" was run: "AuthorizationManager check failed.".

The only fix I’ve found for this, after sorting the Powershell Execution policy is to delete all the Exchange keys from HKLM\Software\Microsoft\Exchange and HKLM\Software\Microsoft\ExchangeServer, restart all the disabled services (IIS, WMI, Remote Registry, etc) then run the Exchange 2010 RTM “setup.com /M:RecoverServer”, wait for it to complete and then attempting the SP1 install again.

All I can say is thank god I didn’t test this on a server that happened to have the correct Execution Policy and then subsequently deploy it into production onto one that didn’t.

Update: Thanks to Martin for pointing me to http://support.microsoft.com/kb/981474 – it looks like it’s not so much what the Execution Policy is set to, but how it’s set. Seems like a really stupid oversight to me; surely Microsoft must have expected people to use GPOs to set Powershell Execution Policies – at the very least some detection logic in the installer to warn the user would be nice.

Published by

Adam

I am the person responsible for all this, that's all you need to know.

6 thoughts on “Exchange 2010 SP1 – A Warning”

  1. It is still a problem in the RTM build. setting execution mode to bypass is what i was told to do. Will be trying it shortly.

  2. It still doesn’t work. I set the powershell exectution policy to unstricted via GP and the setup still fails. After running a get-executionpolicy -list I get the below, even with GPDATE /FORCE ran. Seems like Microsoft should’ve written about this before rolling this POS out, causing so much issues
    [PS] C:\Windows\system32>Get-ExecutionPolicy -list

    Scope ExecutionPolicy
    —– —————
    MachinePolicy Unrestricted
    UserPolicy Undefined
    Process Undefined
    CurrentUser Undefined
    LocalMachine RemoteSigned

Leave a Reply

Your email address will not be published. Required fields are marked *