How to Safely Uninstall Exchange Security Updates without Impacting Server Functionality?

You need to install Exchange Security Updates (SU) and Cumulative Updates (CU) as and when available to fix vulnerabilities, enhance security, and get new features. However, after installation of the updates (SU or CU), sometimes you face a situation where any of the Exchange Server services (such as, EWS, transport service, etc.) will not start or you may encounter any other issues with the services. In such cases, you can try to uninstall the updates to resolve the issues.

You can uninstall a Security Update (SU) without any problem. But uninstalling a Cumulative Update (CU) can be a bit tricky and complex since it’s like an upgrade of the Exchange Server. Below, we will see how to uninstall Security Updates (SU) and Cumulative Updates (CU) without impacting the Exchange Server functionality.

How to Uninstall Exchange Security Updates?

Below, we will discuss the process to uninstall security update without impacting the functionality of the Exchange Server.

1. Stop the Exchange Services

First, you need to stop the Exchange Services by using the below command. Stopping the services will reduce the chance of any damage to the data or operations during the uninstall operation.

2. Locate and Uninstall the Update

Next, you need to find the update you’ve installed and uninstall it. Here are the steps:

• Open the Control Panel and go to Programs.
• Open Programs and Features and click on View Updates. Alternatively, you can open the Program and Features by running appwiz.cpl in the Command Prompt.
• From the list, find the Security Update (SU) you want to uninstall. You can look for its identifier (which is its KB number).
• Once you found the update, right-click on it and click on Uninstall.
• Follow the prompts to complete the uninstallation process.

3. Restart the Server

After the uninstallation process is complete, you can restart the server. This helps to ensure that the uninstallation operation is successful. After restart, check that all the Exchange Server services are started automatically. You can also perform a test of the Exchange Server.

4. Run Exchange Health Checker Script

It is recommended to run the Exchange Health Checker script. This will help you detect any issues which might cause performance and other problems after such changes. You can download the Health Checker script from the Microsoft GitHub web page.

To run the script, you can use the below syntax.

This will create an HTML file of the results.

How to Uninstall Cumulative Update?

Uninstalling a Cumulative Update (CU) is highly discouraged as it can impact the database health and integrity, and overall server functionality. Also, it can lead to data loss and other issues with the server. In case, you need to uninstall the Cumulative Update, follow the below process:

1. Stop Exchange Services

First, you need to stop the Exchange Services. For this, use the below command:

2. Install the Previous Cumulative Update

You should have the ISO image of the Cumulative Update you want to revert to. After mounting the database, run the below command to install it.

Best Practices to Follow when Managing Updates

Here are some practices you can follow when installing or uninstalling the updates to prevent any issues during and after the operation:

It is always recommended to fully backup the Exchange Server prior to installing the updates and also post the installation of the updates. This will help you to go back in case something goes wrong.

• Updates or any other out of the norm work should always be done outside the office hours and during a maintenance window.
• Before installing or preparing to install any updates, you should plan accordingly. Also, go through the readme file of the update. This will provide information about any known issues and other vital things that you need to know before installing the update/s.
• You can have a Database Availability Group (DAG) setup to ensure business resilience and failover. This will also add a level of protection when installing patches. You can first install the patches on a secondary server and after testing, install the patches on the primary server.

Conclusion

Though it is not recommended, you can uninstall a Security or Cumulative Update from the Exchange Server. After update uninstallation, you may end up with corrupted databases or transaction logs and non-functional Exchange Server, if something goes wrong during the operation. In this case, you can rebuild the Exchange Server with the same computer name, drive setup, IP Address, and software. However, the major challenge is recovering the data. Though you can easily restore from backup, it will result in data loss.

To avoid data loss, you can use Stellar Repair for Exchange – an Exchange repair tool that allows to repair corrupted databases of any size and from any Exchange Server version. After scanning the EDB file, it shows the full structure of the database, including user mailboxes, user archives, shared mailboxes, disabled mailboxes, public folders, and delete or purged items. You can then save the mailboxes and other items to PST and other file formats. In this situation, you can use the tool to export the EDB data directly to a live Exchange Server database. The tool can be also used to migrate data from EDB files to Microsoft 365.