Wednesday, November 16, 2011

How to Prevent WSUS from Offering Exchange SP1 Update Rollups

Microsoft's servicing strategy for Exchange Server 2010 is to release updates every six to eight weeks.  They do this using Exchange service packs for major updates and update rollups for minor updates.  Update rollup packages are cumulative.  For example, if you apply Update Rollup 5 on a computer that is running Exchange 2010 SP1, you receive all the fixes in that specific update package together with all the fixes that were released in all earlier update rollup packages.

Microsoft recommends using Windows Update to update Exchange Server 2010.  However, the Exchange team always announces the update on the EHLO Blog, along with the download link, before it's available in Windows Update.  It is usually published to Windows Update about four weeks later.

This causes an interesting issue for "early adopters" of update rollups.  If you install the latest update rollup on a new Exchange server before it becomes available on Windows Update, WU will offer the latest update that's published.  For example, say you build a new Exchange 2010 SP1 server today and install update the latest update (Update Rollup 6 for Exchange Server 2010 SP1 at the time of this writing) before it's available on Windows Update.  When you run Windows Update, it will offer Update Rollup 5 for SP1 as an important update.


You will need to ignore the "important" update until UR6 for SP1 is released to Windows Update.  An important thing to know is that if you choose to hide the update in Windows Update (right-click the update and choose "Hide update") Windows Update will offer the previous update (Update Rollup 4v2 for Exchange Server 2010 SP1).

While this is not the end of the world, I find it annoying to have Windows Update notify me about missing important updates that I don't need.  I have been told by the product team that installing update rollup 5 on top of UR6 has no adverse effect.  The version number stays the same at 14.1.355.2.

If you find you have new Exchange 2010 SP1 servers that have only UR6 installed, you can prevent Windows Update from offering a lower level update rollup by creating a key in the registry for the earlier update rollup.  Add the following key to the registry on the Exchange 2010 server:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE1D439464EB1B8488741FFA028E291C\Patches\ED0E3CF125E478A45898D3FE635D1A48]

This is the key for Exchange Server 2010 Update Rollup 5 for Service Pack 1.  Only the key needs to exist, no other registry settings under that key are necessary.


Once you enter the key, run Windows Update and check for new updates.  It will no longer offer Update Rollup 5 or any of the previous Exchange 2010 SP1 update rollups on that Exchange 2010 server.

IMPORTANT: If you decide to do this fix and later decide to uninstall Update Rollup 6 for some reason, Windows Update will no longer offer Update Rollup 5 or any other previous Update Rollup.  You should remove the UR5 registry key to have Windows Udpate offer it again.

In case you're interested, here are the keys for the all of the Exchange 2010 update rollups.  They all go under the same hive: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE1D439464EB1B8488741FFA028E291C\Patches

UR1: B21CB5B0FF13D4A4FBF45BB74CB5E6CB
UR2: 62FDBB94684A6CC46AB7C99E25821A6E
UR3v3: BC65CCFC97BDEEE4A9DA13EB7E2EB4C8
UR4v2: 04FB6D4FFE4E25D40AFE313A67E5CA88
UR5: AE1D439464EB1B8488741FFA028E291C
UR6: A739E2C061A24634C937FD998041DD84

6:00 PM