We know that applying the latest Exchange 2016 or Exchange 2019 Security updates are important to close vulnerabilities identified however, what happens when these updates auto install and then fail with a standard error message saying the update failed to install and the system was not modified.
You need to look deeper and in the setup logs to find the actual cause of the update failing.
If you navigate to C:\ExchangeSetupLogs, you should have a “ServiceControl” log file file. Open this log file and scroll to the bottom, you should see something similar to the below error:
We can see that a command was trying to run in the background called “Stop-SetupService” and this caused the Security Update (SU) to fail.
Solution
To resolve this error, we need to modify a PowerShell script in the Exchange Installation directory which is in the location (Your installation directory may differ):
- C:\Program Files\Microsoft\Exchange Server\V15\Bin
The file is called “ServiceControl.ps1”. You need to open up Notepad elevated as you need to make a change to this script. The following line needs to be added below the “param(” entry in the beginning of the script, this is the line that you need to add:
New-Alias Stop-SetupService Stop-ServiceHere is what the file should look like:
If you head back to your elevated command prompt, you should be able to start the Security Update for Exchange 2016 again and this time it should complete as seen below:
After a reboot, check that all the services are running (sometimes after this kind of failure, some services stay in a disabled state) and that Exchange is behaving as it should.
Hope you find it helpful.