The application upgrade must meet the following requirements:
The user account for which the application update is planned must be included in the Domain Admins group and in the Kse Administrators group in Active Directory.
If an update was already performed on at least one Security Server or Management Console in the corporate network, all you need is a local administrator account to update the remaining instances of the application on other corporate computers. In this case, the user account used for upgrading the application must be granted permissions to read the Microsoft Exchange configuration from the following Active Directory container and all its child objects: CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
It is recommended to upgrade the application in a sequence on all Security Servers and Management Console deployed on the corporate network. If the application upgrade has failed on any Security Server, you will be able to connect to this Security Server only using the Management Console of the previous version.
It is recommended to upgrade the application on Microsoft Exchange servers running within a DAG configuration as quick as possible.
SQL server hosting the application database must remain accessible during the upgrade procedure. Otherwise the upgrade will fail.
In order for the application to work properly, TCP port 13100 must be opened on all computers where the application will be upgraded as well as along the path of data transmission between them.
During the update procedure the application's Setup Wizard accesses the application's database. The account for which the upgrade procedure is planned must have the following access rights:
For the SQL server: the ALTER ANY LOGIN, ALTER ANY CREDENTIAL and VIEW ANY DEFINITION rights.
To the database: db_owner role.
On all computers on which an application update is planned, Microsoft Windows update KB2999226 must be installed.