Special steps are required when ndexnstalling Windows Updates and Rollups on Exchange DAG members. This article explains the best way to install Windows Updates. There is a different procedure required when installing Exchange Update Rollups on DAG Members.
Steps to Install Windows Updates on Exchange DAG members:
On the first server you are applying Windows Updates perform the following:
1) Perform server Switchover so that the server you are installing the updates on is not active: Move-ActiveMailboxDatabase –Server ExchangeServerYouAreUpdating
After each switchover perform the following command to make sure the DB’s are healthy and see which server is the active server:
Get-MailboxDatabaseCopyStatus *
Note: sometimes after a reboot it can take a few minutes for things to return to a healthy state. The output of “Get-MailboxDatabaseCopyStatus” may also get index errors, here are steps to troubleshoot Exchange content index errors.
2) On the Exchange Server that is not active for the databases: Open the yellow-shield Windows Update icon, review the updates, confirm that no Exchange Update Rollups or Exchange patches are selected. If they are, exclude them. Exchange patches should not be applied through Windows Update on DAG member Exchange servers. Once the updates are applied, reboot the Exchange server.
3) Once the first server is rebooted and back online from the updates and you have checked the db replication health (Get-MailboxDatabaseCopyStatus *), repeat the steps 1 and 2 on the next server. Note: Avoid having more that one exchange server offline at a time.
Resources:
https://technet.microsoft.com/en-us/library/dd298187.aspx