Be warned that when you try to upgrade Exchange 2010 to SP1, there is one pre-requisite that is not documented anywhere. The SP1 pre-checks doesn’t see it and if you do not have this setting setup correctly, you will wind up with a broken exchange upgrade, all the exchange binaries will be removed from the server, however, your registry keys for exchange will still be there. You will not be able to reinstall exchange, when you try to use the recovery optin (setup.exe /m:recoverserver) it will also fail. The error that will show up when it fails the SP1 setup would look something like:
The following error was generated when “$error.Clear();
& $RoleBinPath\ServiceControl.ps1 EnableServices Critical
” was run: “AuthorizationManager check failed.”.
To avoid this issue, make sure you set the execution policy Unrestricted, anything else and the upgrade will fail.
First, remove any GP that affects the Exchange server that has the Windows Powershell – Execution Policy turned on
The configuration can be set under:
Computer Configuration -> Policies -> Adminstrative Templates -> Windows Components -> Windows Powershell
Then from the powershell prompt:
PS C:\Windows\system32> get-executionpolicy -list
Scope ExecutionPolicy
—– —————
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned
Change LocalMachine Policy to Unstricted. At the powershell prompt type:
PS C:\Windows\system32> Set-ExecutionPolicy -executionpolicy unrestricted -scope localmachine
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution
policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is “Y”): yes
Verify Settings:
PS C:\Windows\system32> get-executionpolicy -list
Scope ExecutionPolicy
—– —————
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine Unrestricted
If you already run into this issue before seeing this post, the only way to get your broken exchange server back into service is to do the followings:
Open the registry editor
Export and delete the following keys
HKLM\SOFTWARE\MICROSOFT\Exchange Server
HKCU\SOFTWARE\MICROSOFT\Exchange Server
Exported – HKLM\System\CCS\Services
Deleted all the keys that start with Msexchange
Rename the Exchange server folder wherein you have installed the exchange binaries
Set IIS, WMI, Remote Registry services back to automatic
Recover the Exchange server by setup.com /m:recoverserver using the RTM binaries. It is best if you can just uninstall Exchange and start anew, but if this is not an option due to some configuration. Use the setup /m:recoverserver
Once you have recovered your Exchange server and validated features are working properly, you can now configure the Exectution Policy as described above and upgrade to SP1.
Seems like Microsoft overlooked this important pre-req. There are no documentations on how people should set Exectution Policy , especially to an Unstricted Policy and not using Group Policy. The Pre-Req checks should have caught this. Also, why on earth did Microsoft not sign their own powershell codes for the SP1 upgrade is beyond my logical comprehension.
Zero Day IT - Peter V Nguyen 