Patching a SharePoint 2013 farm: Step-by-Step Installation guide.

sharepoint2013

I often to stumble around in my early days as a SharePoint administrator while patching a SharePoint farm with the latest Cumulative updates and after putting together some years of experience in SharePoint administration I finally reached a point where I could confidently patch a farm without encountering any issues.  So, if you’re a SharePoint guy who takes care of the SharePoint environment in your firm and one fine day you’ve been asked to patch the farm then this is the article that you need to follow.

As always you may not be able to get it right the first time but let’s not forget that practice makes a man perfect .  As always try to patch your UAT and TEST environment first and try to validate the farm post the CU installation. Once you confirm that everything looks good then proceed further to the PROD farm .Never ever patch a SharePoint PROD farm directly without testing the patch in other environments, that’s the basic thumb rule to follow as a SharePoint consultant. Now let’s look at the steps in a detailed manner.

ATTENTION:

Be aware that all Updates for SharePoint 2013 require SharePoint Server 2013 SP1 to be installed first.

  1. Downloading the Cumulative Update package from Microsoft site:

Before beginning, please be advised that SharePoint doesn’t need separate CU’s for foundation version as well as for server version. The CU for server version of the SharePoint application (i.e. SharePoint server 2013 enterprise/standard version) will include the fix for the foundation version as well.

Now let’s get started ….

Please look for the required Cumulative update which you want to install and then download it from the Microsoft website. For instance, if you’re planning to install the October 2016 CU for SharePoint server 2013 in your farm then just search as “October 2016 CU for SharePoint server 2013 “and you will get the link to download the package.

Ex: For October 2016 CU, this is the download link: _ https://support.microsoft.com/en-us/kb/3118366 .

In lieu to the MS site, you can also refer to Todd Klindt’s blog. This blog provides the list of all the CU’s and it provides the link to download the respective update. In addition to that Todd Klindt does an awesome job on reviewing all the CU’s that has been released for SharePoint. The reviews contain information such as the bugfixes involved in the CU, the issues that got newly introduced post installing that CU and what to do to fix the new issues.

Ex:  For October 2016 CU, you can refer this link in Todd Klindt’s blog site: _ http://www.toddklindt.com/blog/Regressions/sp2013oct2016cu.aspx

1

Now to download this CU, please click on the download link and you will be redirected to Microsoft site from where you need to download the CU. Choose the appropriate language and click on the “Download button” as shown in the image below.

2

The next page will ask to choose the files you need to download, please check all the three files and make sure that you’re downloading them to the same folder.

3So, till now we looked on how to download the CU packages, now let’s look at the things which has to be backed up prior to patching your farm.

2. Taking necessary backups:

There are certain things which has to be backed up prior to patching your environment and please find the details below.

a) First take a SharePoint farm backup using the backup option in Central Administration site. You can also do this using the below mentioned PowerShell command. Also refer this TechNet link to know in detail about the SharePoint farm backup.

Backup-SPFarm -Directory <BackupFolder> -BackupMethod {Full | Differential} [-Verbose]

b) You can schedule the Farm backup the night prior to CU installation hoping that no changes will be made to SharePoint farm post that . If you’re planning to patch the PROD farm on Saturday morning with appropriate downtime then please schedule a farm backup at midnight on Friday.

c) Take the necessary IIS backups.

d) Also take a backup of the web. config file in IIS. This is the place where all the customizations are saved. Take a look at this link to understand how to back up the web.config file in SharePoint using PowerShell.

https://sharepintblog.com/2011/09/15/backup-sharepoint-web-config-file-with-powershell/

e) Optionally you can also backup all the customizations in the farm if your SharePoint farm is heavily customized. Take a look at the TechNet article link mentioned below to know in detail about backing up the customizations in a SharePoint farm.

https://technet.microsoft.com/en-us/library/ee748642.aspx

f) Also back up all the WSP files that’s deployed in the farm. This is not a mandatory step but if you feel that this is required, you can do this using the below mentioned PowerShell script.

                                       $farm = Get-SPFarm

                           $file = $farm.Solutions.Item(“solution.wsp”).SolutionFile

                                       $file.SaveAs(“c:\Solution.wsp”)

g) Finally once all the backups have been taken the most important thing to do is to have a Snapshot of all your SharePoint servers and if possible the backend SQL server too. Though you have a complete farm backup in place, please note that it’s not enough to do a complete farm restoration if something goes wrong and in such cases you might need to rely upon the snapshots for restoration. Take a look at this link below to know in detail about SharePoint Snapshots.

https://blogs.msdn.microsoft.com/mossbiz/2013/01/14/sharepoint-vs-snapshots/

3. Pre-Installation Steps:

There are certain pre-requisites that you need to do prior to installing the package and one among them is to run the “Robust Office Inventory Scan” script to find out the status of SharePoint/Office products installed in the server. The script will generate a log by which we can find if there is any patch or chained product missing. If so, you need to fix that issue first. If the log does not mention any errors under “Review items” section, we are good to go. You can also download the script from the below mentioned link

https://gallery.technet.microsoft.com/office/68b80aba-130d-4ad4-aa45-832b1ee49602

Once this is done and you verified that there are no errors reported under “Review items” section in the logs, please go ahead and suspend the “Search service “.

Suspending the Search service is a very important step to do prior to installing the CU and failing to do so might break the search crawl. It may be possible that when you check, there is no crawl running. However, if a crawl is triggered by schedule which occurs during the installation, the search application may crash or lead to inadvertent results. In worst case, you might end up rebuilding the entire search application.

Hence to make sure there is no crawl running currently and no crawl will be triggered during the installation, pause the search application. For this, open “SharePoint 2013 Management Shell” using the farm service account and then execute the below command.

Suspend-SPEnterpriseSearchServiceApplication –Identity “SearchServiceApplicationName”

4

 This command will take a couple of minutes to execute. Once it is executed, navigate to the search service application in CA and verify that its status is showing as “Paused: for external request” as shown in the image below

5.png

If you go to Content Sources, you should see the status as “Paused by system”.

6

 4. Installing the Cumulative Update Package:

Once you’ve confirmed that the above mentioned pre-requisites have been taken care, now it’s time to go ahead and install the CU. Please follow the steps mentioned below to install the CU package.

Note: Installing the CU doesn’t require any specific order, you can do it on any server in the farm and then go on by installing it on other servers in the farm (meaning you can do it on the WFE server first and then on the APP server). However, that’s not the case when you would be rebooting the server post the installation or when you would be running the “SharePoint Configuration Wizard”. There’s a specific order to be followed while doing that and I’ll be discussing in detail about that later in this article.

1.  Navigate to the folder where you have downloaded the package and double-click on the package to install it. Please note that it’s mandatory to keep all the three executables (package as well as Cabinet files) in the same folder as shown in the screenshot below.

7.png

2. On the “End user license agreement page”, select the accept check box and click continue.

8

3. Now it will start the installation. Installation will take around 20-30 minutes. It will first start with extracting the files as shown in the screenshot below.

9

4. On the next screen, it will be loading the files to be updated as shown in the image below.

10

5. In the next screen, it will be installing the package as shown in the image below.

11

6. Post installation, if it prompts for reboot, click Yes as shown in the image below.

12

7. Finally, once the installation is complete, go to Control Panel and verify whether the package has been installed correctly as shown in the image below. For some reason if it’s not showing up here you need to troubleshoot and identify what’s causing the trouble.

13

5. Running the SharePoint Configuration Wizard:

Once you’ve confirmed that the CU package has been installed successfully and it’s showing up correctly under Control Panel now it’s time to go ahead and run the SharePoint Configuration Wizard. However, before doing so I would like to talk a bit about the order to be followed while installing the CU.

As I previously mentioned in this article, it’s ok to go ahead and install the CU in any order on the server. However, based on my experience with installing the CU I would suggest you all to do it on the WFE server first. Ensure that the WFE is taken out of the Load balancer pool so that it’s not serving user traffic and then go ahead and install the CU and reboot the server. Once the server comes back online verify whether all the components have been installed correctly under Control Panel and the Central administration site is accessible. This is just to ensure that the installed CU didn’t do any harm to the server. It’s ok to lose a WFE but not a APP server, I hope you’re getting the idea here .Also by any chance if you’re patching the farm on the business hours (which might ideally not be the case unless it’s a TEST /UAT farm) then make sure that the server on which you’re installing the CU is taken out of the load balancer so that the user traffic doesn’t goes to that server. So, the idea to keep in mind is, do it on the WFE servers first and then on the APP server.

Point to note while running the SharePoint Configuration Wizard:

Unlike the CU installation you can’t run the “SharePoint Configuration Wizard” in any order, it must be running on the server which is hosting “Central Administration” site first and then on the WFE and APP servers.  It’s a 6-step process which might take an hour at the max (in an ideal scenario) to run and complete. Once it’s completed successfully on the server where CA is hosted, please try opening the CA site and make sure everything looks fine and make sure you’re able to access the SharePoint sites. By any chance if the CA site is not coming up, please stop right there and fix it. Without fixing the CA site issue, please don’t proceed further with running the Configuration wizard on the other servers. This is the basic thumb rule to be followed while patching a SharePoint farm.

Now, let’s look at the steps to run the SharePoint Configuration Wizard….

  1. Open SharePoint management shell with elevated permissions using the farm service account and run the below mentioned command as shown in the image below.

PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

14

2. It will take few seconds and start the upgrade process.

15

3. It’s time to go for a coffee now as it will start running a series of 6 steps to finish the configuration. Please check the steps below.

16

17

18

  1. The configuration wizard will have 6 steps which will be executed one by one. It should complete all 6 steps successfully. If it fails somewhere in the middle, you will need to check the “PSDiagnostics Logs” in the ULS logs folder. Find the issue, fix it first and then run the above command once again. Once all the steps are completed successfully, you are done.
  2. Repeat the above mentioned 4 steps on all the servers in the farm.

Once the Configuration wizard is successfully done running all the 6-steps it’s time to go ahead and do some post-installation steps ,let’s look at them.

6.Post Installation steps:

  1. Verify all the SharePoint and IIS services are up and running. If not, start them.
  2. Go to IIS Manager and verify application pools and sites are in started/running state.
  3. Open CA and the web applications and make sure they are opening fine
  4. Go to “Manage servers in the farm” section in CA and check for the version number on Configuration database version and make sure it’s showing the version number correctly. Ex: For January 2016 CU, it should show the version number as 15.0.4787.1000 as shown in the image below.

19

5. Check “Manage Servers in this Farm” page in Central administration. This page will also tell you if you need to run the SharePoint Products Configuration Wizard on a server to complete the upgrade process. Make sure every server in your SharePoint farm is upgraded and displays the status as “No Action Required” as shown in the image below.

patch 3.png

 

 

6. You can check the patch status on each and every individual server with “Manage patch status page” (Central Administration >> Upgrade and Migration >> Check product and patch installation status)

patch 1.PNG

patch-2

 

7. Also check the “Check upgrade status” page which will give you the detailed information on upgrade status as shown in the image below.

patch-4

 

8. Finally, resume the search service application using the below mentioned PowerShell command

Resume-SPEnterpriseSearchServiceApplication –Identity “SearchServiceApplicationName”

20

  1. Verify search service application is not paused and it’s in running state.

21

10. Also, please go to the content sources section in the Search administration page and kick start a full-crawl.

11. Now add the servers back to the Load balancer pool so that they start serving user traffic and try to load the SharePoint sites from PC’s which belong to different geographical locations and check the time taken to open the site.

12. Also, check the custom functionalities in the site such as third party WSP’s, site features, custom web parts, custom site templates etc. and make sure everything works fine.

13. You could also run the ROIScan tool post the patching and verify the status of all the patches that has been installed and ensure that nothing is showing up under “Review items” section in the logs.

So finally, once you confirm that everything remains fine and the SharePoint farm remains intact post patching then this confirms that you’ve successfully patched the SharePoint farm. As I already mentioned in the beginning, you may encounter some issues as well as some errors while patching the farm and please don’t feel bad or demotivated by that. It takes a lot to successfully patch a SharePoint farm and by experience you can master in that.

If you ever feel that the patching task takes a lot of time and you need to find an alternative solution for that, please take a look at this link to know about the scripted way of patching a SharePoint farm.

https://blogs.msdn.microsoft.com/russmax/2013/04/01/why-sharepoint-2013-cumulative-update-takes-5-hours-to-install/

Thanks for reading this post ……. Happy SharePointing!!!!!!

 

 

 

 

 

 

 

 

Advertisements

40 thoughts on “Patching a SharePoint 2013 farm: Step-by-Step Installation guide.

  1. Enjoyed reading this article. It articles the update/patching process very well. Following these steps exactly will help many a SharePoint admin team be able to get home earlier from a scheduled dowtime. Cheers

    Liked by 1 person

  2. I want to install this CU and its my 1st time for any installation on production, the machines are not upgraded after SP1, i mean they are patched using windows update but configuration wizard was never executed, would it be safe to install this then ?

    Like

    1. It depends on which CU you’re installing , please check the pre-requisites for the CU that you’re installing and follow it . For the most part any SP 2013 CU would require SP1 to be installed . Yes , the windows patches are required for CU ‘s and I would also say it would be worhwhile you to try running the config wizard once using the UI and see if it goes .

      Like

  3. Hello,

    What is your experience with installing just the security updates that are a part of a CU?

    For example the November 2016 CU for SharePoint 2013 included a security update for word automation vulnerability. Since the cu install takes awhile and not recommended unless experiencing an issue we are looking to install only security updates but would like to know if we need to run config wizard after installing security update?

    Like

  4. We have public facing website the last patch was done in the month of May 2015 and we have not done any updates to SharePoint till to date. Only windows patches were done recently In month of December 2016. Will it cause any issue if we don’t do SharePoint patches. I have gone through many of the websites regarding the patches. Can you please let me know when should we often patch SharePoint if there are no current issues with environment

    Thanks,
    Naga

    Like

    1. Hi Nag ….Glad that you asked .There’s no specific time frequency to patch your SharePoint farm unless and until MS has rolled out the fix for a bug on an upcoming CU and you’re looking for that or may be if your organization always prefers to stay upto date so that they get to enjoy all the latest features .But my advise would be to stay upto date to remain complaint .So please try to patch your farm with the latest CU , try the CU in DEV and TEST first and then on PROD . May be you can think about patching your farm once in 2 months as CU’s are cumulative

      Like

  5. Hi Nag,

    We have not installed any sharepoint patches since Feb 2015. But now we want to install the sharepoint patches. Shall we install only the latest patch or all the patches that has been released since Feb 2015?

    In another farm our team has installed the patches but they have not run PSConfig since last 2 years. Can we run the PSConfig now? Will it have any impact?

    Could you please guide.

    Like

    1. Hi Chinmayee,
      To answer your first question , you can directly go ahead and install the latest patches as long as your SharePoint farm has the latest Service Pack .I assume your running a SharePoint 2013 farm and hence please make sure it has the SP1 .I can see that you’ve mentioned that the farm has already been patched with Feb 2015 CU and I guess SP1 is mandatory for that CU , so this time you can directly go ahead and install the latest patch .As always , try it on DEV first , then on TEST and finally on PROD .

      For the second question , did your team run PSConfig the last time they patched the server ? Running PSConfig won’t hamper anything but before doing so go to installed patches in Control panel and check whether all the patches were installed successfully when you patched the server last time .Also , try to download and run the ROIScan tool . Once done and you feel everything is fine you can run the Config wizard , do ensure that you’re following the correct order while running the Config wizard .

      Like

  6. What’s up,I read your blog named “Patching a SharePoint 2013 farm: Step-by-Step Installation guide. – Vignesh’s SharePoint Thoughts” on a regular basis.Your humoristic style is awesome, keep it up! And you can look our website about proxy list.

    Like

    1. Well that shouldn’t be a problem becuase we have tried that in our environment as well .But make sure you have all the necessary backups before proceeding further .Also try it on TEST on UAT first before proceeding with PROD .

      Like

  7. Vignesh,
    I am planning to add a app server to the existing production farm (i used the ISO with service pace 1). I had previously patched a cu and i have recently patched a cu to our production farm with march 2017 cu.
    Now since i am adding a new app server, do i add only march 2017 cu or the cu before that as well? I am confused .
    I am also confused since i have made changes to the web application in the app server while creating a fba, do i change the new web.config or not.
    Is there a blog or guide on adding new app server to a existing 3 tier farm? What other additional installations are required (like ssrs client, sql client, etc)
    Thanks.

    Like

    1. Hi Vas ,
      Let me try to make this simple for you . Whenever you’re adding a new server to an existing SharePotint farm you need to make sure that the new server has the CU which is already present on all the other servers in the farm ( meaning , let’s say your SharePoint 2013 farm has Jan 2017 CU , then you need to make sure that the new server also has Jan 2017 CU and only then you can add it to the farm) .Coming to your query on the Service packs , as long as you have SP1 installed you can directly go ahead and install the latest CU as SP1 is the pre-requisite for any CU which got released after SP1 .

      Also , if you’re enviroment has Language packs , please install that as well and also the Service packs for those language packs on the new server that you would be adding .Regarding the other applications such as SSRS add-in for Reporting services , that can be installed on a WFE server and you don’t need to have that running on a APP server . However , it doesn’t impact anything even if you have that add-in installed on your APP servers also .

      I hope this helps .

      Here’s a reference link :_ https://technet.microsoft.com/en-us/library/cc261752.aspx

      Like

  8. Hi
    I have an SP farm that has SP1 and May 2015 CU and then no updates were done. Now, I have been asked to look at the environment and see what has to be installed.
    Should i go ahead and install May 2017 CU or should i install all previous CUs? The reason is I am confused between what you are saying and what Stefan says in his blog below.

    https://blogs.technet.microsoft.com/stefan_gossner/2014/08/18/sharepoint-patching-demystified/

    What I understand from his blog is that each CU might involve different services/components and hence, i would believe that latest CU may not involve the latest of all the services/components.
    Can you clarify this please?
    Thanks
    Suja

    Like

    1. Hi Suja ,
      I’m glad that you asked and I’ve also read that article from Stefan .However, you need to be mindful that he has clearly mentioned that it was the case only with August 2014 CU in the link that you’re referring above because Microsoft followed a different approach while shipping that package .But that was not the case for the later CU’s . SharePoint CU’s are always cumulative and as long as you have SP1 installed you can go ahead and install the latest CU package .May be in the mere future if Microsoft releases SP2 for SharePoint 2013 then in that case SP2 would be the bare minimum requirement for CU’s released post SP2 .I hope that answers your question .Also please take a look at the link below to understand the pre-requisites for May 2017 CU
      https://blogs.technet.microsoft.com/stefan_gossner/2017/05/09/may-2017-cu-for-sharepoint-2013-product-family-is-available-for-download/

      Like

  9. Hi Vignesh,
    in the step 5, Running the SharePoint Configuration Wizard, where i found Sharepoint configuration wizard or how i can start?
    Thanks for your support.
    Ciro

    Like

      1. Sorry for my english! after the CU installation, you write:
        5. Running the SharePoint Configuration Wizard:

        Once you’ve confirmed that the CU package has been installed successfully and it’s showing up correctly under Control Panel now it’s time to go ahead and run the SharePoint Configuration Wizard….

        How i can run Sharepoin Configuration Wizard??? where is the exe file? thanks

        Like

  10. Thanks Vignesh for your support! A last question: can i install directly the last CU (may 2017) on my server that it has sp1 or i must install first an old CU?
    Thanks

    Like

  11. Hi!
    After each installation of the CU (after psconfig), I have lost the rights for the system account of the farm to databases with RBS, and some application databases (for example, the user profile service application). Why is this happening?

    Like

    1. That’s weird .I haven’t heard of such issues before . Which account did you use to patch your farm ? Farm account or your admin account which has all the necessary privileges as a Farm account?

      Like

  12. Thanks for the information.

    I have query regarding DB server. My SP2013 farm has 2 WFE servers which are load balanced, one APP server and one DB server. Based on your recommendation, I will install the binary and reboot the servers in following sequence – WFE 1 –> WFE2 –> APP. And run the configuration wizard as APP –> WFE1 –> WFE2

    Do I need to install the binary on DB server? If yes, what should be the sequence? This database server is used only for running database service and no other SharePoint services.

    Like

    1. Hi Arvind,
      This article is only for SharePoint server patching and not for DB server . If you’re planning to patch the backend DB server of your SharePoint farm then the only thing that you need to be mindful of , please ensure that you shutdown your SharePoint farm so that no transactions are written to the DB’s from SharePoint during the patching .Of course your SP farm will be down when the backend DB server is being patched so it’s better to shutdown the SP farm .There is no order for DB server patching as it would mostly be a single server

      Like

  13. Hi Vignesh,

    Your article is awesome, however I need few clarification regarding installing security patch in my SP 2013 farm.
    I could see below patch is pending for an update in all my farm servers.
    Security Update for Microsoft SharePoint Enterprise Server 2013 (KB3162069) farm-deployment.
    My farm latest patch update is Jan 2016 CU. My question is – Is the Security update would be there in June 2017 CU or I need to patch individual security update in my farm.

    Thanks
    Balaji.D

    Like

    1. Hi Balaji ,
      Mostly if the security update is missing you need to download it separately and install it on all the servers in the farm and then run the configuration wizard. It’s not necessary that the security update would be added on the next CU , sometimes it might be missing and it’s better to install it yourself

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s