Link to home
Avatar of Gad SAADIA
Gad SAADIAFlag for France

asked on

Windows Update 2012


I noticed that when you set Windows Update on Windows 2012 R2 Server on "install updates automatically" it do install updates but do not reboot server. When you connect to server you get a warning that "server will be rebooed within 2 days, 1 days, today ect.." but no automatic server reboot.

Today it rebooted at mid-day when many persons where connected !!!!!

Any idea of this problem?
Avatar of Peter Hutchison
Peter Hutchison
Flag of United Kingdom of Great Britain and Northern Ireland image

You can changed this behaviour in group policy:
a) Load GPEDIT.msc
b) Expand Computer Configuration
c) Expand Administrative Templates
d) Expand Windows Components
e) Select Windows Updates
f) Enable policy called 'Always automatically restart at the scheduled time'
Avatar of hsclater

As per there are different settings.

- Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.

- Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.

- Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.

- Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.

Just set the option to the first one, and it won't install the updates automatically. However the bahviour you are seeing isn't right, are you sure that your servers are up to date? The behaviour was changed in an update rollup, see this:

This describes you issue with the countdown, and should be resolved in an the update above.
Avatar of Gad SAADIA


So complicated...

In Windows 2008 R2 I noever had any problem. Servers where always rebooted after updates at 3 AM. No one was working on the server at this time

It may be better to disable automatic Windows Update I think
In my opinion you should never allow servers to do automatic updates, but rather do those manually while the users aren't there, but you are...

That way you are in full control, and if necessary you can also uninstall failed updates or restore from the backups if something goes wrong. Besides that, lately m$ has released some updates too early which were buggy and not tested enough that broke something, and had to withdraw them. So if you wait for some time before you install the update after it has been released, chances are that you won't run into that situation, as it is likely such an update has already been withdrawn by then.

Just set aside weekends to do the updates. You can also do other administrative tasks then, like running diagnostics on the servers and cleaning out all dust etc.
thanks RIndi for you comment, it makes sense

So if I understood well I should not event set Windows Update to download updates (in the event MS withdraw a bugged update) and set Windows Update to manually look for updates. IS that what you suggest?
Correct, that's what I do.
And install updates on a monthly basis before next ms updates? Is that fine?
Yes. But instead of doing it on m$'s patch Tuesday, wait at least for the weekend, or better the weekend after the weekend of patch Tuesday.
Or maybe the last we before next patch Tuesday
I wouldn't wait too long, or you can get vulnerable. Most buggy updates get noticed within a week or less and are withdrawn as soon as they are found.
Ok thanks for all
I agree with Rindi - on servers, I disable automatic updates from rebooting and set it to download only.  Then I apply updates the LAST Wednesday of the month (and CHECK them too - occasionally MS releases updates outside of patch Tuesday - I skip those until they've been vetted by the community).  Ideally you should be running your own tests on test systems, but especially in smaller organizations, that's not always possible.
Often you can't properly run the tests outside a productive environment, as certain bugs need certain conditions to show themselves which only show up when the server gets used normally. That often can't easily be simulated.
So because some bugs may not show up in a test environment no testing should be done?  Sorry, but arguing the point of testing if possible, at least to me, sounds like you're saying since you could miss one, it's pointless.  Pretty sure that's not what you mean... but that was my first reaction to your comments.

Loads can be simulated and in environments where systems are virtual, actual production systems CAN be tested (by making copies off to test networks), but as I said, smaller environments aren't often capable of doing this.
Avatar of Gad SAADIA
Flag of France image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.