Exchange Server 2010 services get Stopped and Disabled after updates
Hello,

We are having a problem with our Exchange 2010 server stopping and disabling all services on its own. It has happened twice in the last week and a half - the first time after manually applying a large number of deferred Windows updates (which are administered from a WSUS server) and the second time yesterday after Forefront 2010 for Exchange ran its own automatic updates (as far as I can tell reading Event Viewer). Forefront did not error out on anything that I can see. Googling around, I found somewhat similar issues but not quite like mine. This obviously cannot keep happening, and I want to keep things patched and up-to-date.

The Exchange server is running on Windows Server 2008 R2 in a dedicated VM under Hyper-V. It is assigned 20 GB RAM, of which about 5 GB is usually free. It has 100+ GB free on both virtual hard disks. It is the only Exchange server in the forest. The domain controller is another VM on the same VM host (I know, I know, but I didn't set it up..)

Any ideas on how to prevent this from happening in the future, short of disabling all updates?

Thanks!
Rhiannon
August 13th, 2012 12:55pm

So do the events in the eventvwr actually mention the updates as the reason the services were stopped, or are you just correlating this based on the timing?

James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
August 13th, 2012 1:11pm

This is the best thing I can determine based on what's in there.

8/11/2012 2:17:47 AM Forefront reports it performed a successful scan engine update.
8/11/2012 3:00:36 AM Beginning a Windows Installer transaction.
8/11/2012 3:13:57 AM Address Book service stops.
8/11/2012 3:13:57 AM Exchange Transport Log Search service stops.
8/11/2012 3:14:03 AM Transport scan disabled.
8/11/2012 3:15:05 AM edgetransport IP filtering database engine stopped.
8/11/2012 3:15:05 AM edgetransport Transport Mail Database engine stopped.

And so on and so forth for every single Exchange service. Forefront also disables its realtime scan and scheduled scan. My co-worker notices he cannot receive mail the following morning (Sunday), logs in and notices everything is Stopped and Disabled.

As far as I can tell, this most recent occasion was after Forefront updates its scan engine, and the previous occasion I know was immediately following the Windows updates because I was watching it all unfold realtime.

Thanks
Rhiannon
August 13th, 2012 2:59pm

"Any ideas on how to prevent this from happening in the future, short of disabling all updates? Thanks! Rhiannon"

Hi,

If you have Forefront Protection installed, then it's really not a good idea to automatically install Exchange Rollups or Service Pack. Forefront services should be disabled (fscutility /disable) before the installation of Exchange Rollups or SP and that is not done when patching with WSUS and can cause problems.

...and after a SP/RU has been installed, Forefront should be re-enabled again (fscutility /enable)

Martina Miskovic
August 13th, 2012 3:15pm

Martina, I agree with that concept, and I *thought* Automatic Updates had been configured for Download only / Notify to install, however in digging through the group policies today, I noticed there was only one policy for all machines, and it was set to install automatically. I created separate group policies for the workstations and servers, restricting the servers' Windows Updates to only as I manually go through and update them, as I *thought* I had had it set before (I don't trust the auto install / auto restart feature). Do you think that could actually be the whole cause right there? I still can't for the life of me figure out *why* it would disable all the services like that, unless somewhere there was some sort of built-in safeguard that did it. Thanks! Rhiannon
August 13th, 2012 4:53pm

"Do you think that could actually be the whole cause right there? I still can't for the life of me figure out *why* it would disable all the services like that, unless somewhere there was some sort of built-in safeguard that did it. Thanks! Rhiannon"

Yes, I think that was the reason. All Exchange Services are always automatically disabled in the beginning of a RU/SP2 install.

Martina Miskovic
August 13th, 2012 4:57pm

I'm not sure what will happen if you let windows update agent install the roll up since you need to disable the forefront controller service which removes the service dependencies. If you don't do this, the roll up will still run and install but when it gets to the end it will roll back entirely, this process could explain why it left your system in the disabled state.

James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
August 13th, 2012 5:01pm
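
The failure discussed above (a rollup that rolls back and leaves every Exchange service Stopped and Disabled) can be caught by recording service start modes before a manual install and comparing afterwards. The PowerShell below is an added example, not code from any poster in this thread or from Microsoft; the `MSExchange`/`FSC` service-name filter and the snapshot path are assumptions to adjust for the server in question.

```powershell
# Added example: snapshot and restore service start modes around a rollup install.
# Assumption: Exchange services are named MSExchange* and Forefront services FSC*.
$Filter   = "Name LIKE 'MSExchange%' OR Name LIKE 'FSC%'"
# Assumption: snapshot location; any writable path will do.
$Snapshot = Join-Path $env:TEMP 'exchange-services-before.xml'

function Save-ServiceState {
    param([string]$Path = $Snapshot)
    # Record name, start mode (Auto/Manual/Disabled) and state (Running/Stopped).
    Get-WmiObject -Class Win32_Service -Filter $Filter |
        Select-Object Name, StartMode, State |
        Export-Clixml -Path $Path
}

function Compare-ServiceState {
    param([string]$Path = $Snapshot)
    # Return the snapshot entries whose start mode or state differs now.
    $now = @{}
    Get-WmiObject -Class Win32_Service -Filter $Filter |
        ForEach-Object { $now[$_.Name] = $_ }
    Import-Clixml -Path $Path | Where-Object {
        $cur = $now[$_.Name]
        $cur -and ($cur.StartMode -ne $_.StartMode -or $cur.State -ne $_.State)
    }
}

function Restore-ServiceState {
    param([string]$Path = $Snapshot)
    # WMI reports 'Auto'; Set-Service expects 'Automatic'.
    $map   = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }
    $drift = @(Compare-ServiceState -Path $Path)
    # Pass 1: put every start mode back, so dependencies are no longer Disabled.
    foreach ($svc in $drift) {
        Set-Service -Name $svc.Name -StartupType $map[$svc.StartMode]
    }
    # Pass 2: start whatever was running when the snapshot was taken.
    foreach ($svc in $drift) {
        if ($svc.State -eq 'Running') {
            Start-Service -Name $svc.Name -ErrorAction Continue
        }
    }
}

# Order of use around a manual install (fscutility steps are from the thread):
#   Save-ServiceState
#   fscutility /disable ; install the rollup ; fscutility /enable
#   Compare-ServiceState | Format-Table Name, StartMode, State
#   Restore-ServiceState    # only if the comparison shows drift
```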

After digging some more, it really looks to me like this is all related to the Ex 2010 SP2 Rollup 2. I really, really wish this would have been at least mentioned in the release notes, as it appears that not only is this a common issue, but I'm reading it's a *REQUIRED STEP* to disable the 3 services and run the fscutility - nowhere is this mentioned that I could find in the release notes, installation instructions or errata.

Not to mention that initially, this was pushed automatically via WSUS, overnight while I was sleeping, so this step couldn't have been followed even if I wanted to - this all happened in the background, without prior knowledge. This has been rectified to not happen again, but really - for an enterprise product - not even a mention of these steps beforehand is really not good. We had all sorts of trouble because of this (email being down is not a minor issue).

Rhiannon
August 13th, 2012 5:23pm

Thank you for your help James and Martina! Rhiannon
August 13th, 2012 5:39pm

It's not a matter of me "letting Windows Update install the roll up", as it did that on its own. The settings have since been modified at the Group Policy level to not automatically install anything without my intervention. IMHO, automatic installs / automatic reboots should never be allowed to be enabled on a Windows Server. Thanks again for all your help, Rhiannon
August 13th, 2012 7:57pm

"Forefront services should be disabled (fscutility /disable) before the installation of Exchange Rollups or SP and that is not done when patching with WSUS and can cause problems. ...and after a SP/RU has been installed, Forefront should be re-enabled again (fscutility /enable) Martina Miskovic"

That was true when I wrote it, but now when RU4 has been released it's not :) Still...I don't think Exchange rollups should be installed manually.

2743871 Stop Forefront services in RU setup so no manual steps are required

Martina Miskovic
August 15th, 2012 12:48am
