• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 40
  • Last Modified:

Windows Update 2012

Hello,

I noticed that when you set Windows Update on Windows 2012 R2 Server on "install updates automatically" it do install updates but do not reboot server. When you connect to server you get a warning that "server will be rebooed within 2 days, 1 days, today ect.." but no automatic server reboot.

Today it rebooted at mid-day when many persons where connected !!!!!

Any idea of this problem?
0
gadsad
Asked:
gadsad
  • 6
  • 5
  • 2
  • +3
1 Solution
 
Peter HutchisonSenior Network Systems SpecialistCommented:
You can changed this behaviour in group policy:
a) Load GPEDIT.msc
b) Expand Computer Configuration
c) Expand Administrative Templates
d) Expand Windows Components
e) Select Windows Updates
f) Enable policy called 'Always automatically restart at the scheduled time'
0
 
hsclaterCommented:
As per http://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx there are different settings.

- Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.


- Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.


- Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.


- Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.

Just set the option to the first one, and it won't install the updates automatically. However the bahviour you are seeing isn't right, are you sure that your servers are up to date? The behaviour was changed in an update rollup, see this:

http://support.microsoft.com/kb/2885694

This describes you issue with the countdown, and should be resolved in an the update above.
0
 
gadsadAuthor Commented:
So complicated...

In Windows 2008 R2 I noever had any problem. Servers where always rebooted after updates at 3 AM. No one was working on the server at this time

It may be better to disable automatic Windows Update I think
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
rindiCommented:
In my opinion you should never allow servers to do automatic updates, but rather do those manually while the users aren't there, but you are...

That way you are in full control, and if necessary you can also uninstall failed updates or restore from the backups if something goes wrong. Besides that, lately m$ has released some updates too early which were buggy and not tested enough that broke something, and had to withdraw them. So if you wait for some time before you install the update after it has been released, chances are that you won't run into that situation, as it is likely such an update has already been withdrawn by then.

Just set aside weekends to do the updates. You can also do other administrative tasks then, like running diagnostics on the servers and cleaning out all dust etc.
0
 
gadsadAuthor Commented:
thanks RIndi for you comment, it makes sense

So if I understood well I should not event set Windows Update to download updates (in the event MS withdraw a bugged update) and set Windows Update to manually look for updates. IS that what you suggest?
0
 
rindiCommented:
Correct, that's what I do.
0
 
gadsadAuthor Commented:
And install updates on a monthly basis before next ms updates? Is that fine?
0
 
rindiCommented:
Yes. But instead of doing it on m$'s patch Tuesday, wait at least for the weekend, or better the weekend after the weekend of patch Tuesday.
0
 
gadsadAuthor Commented:
Or maybe the last we before next patch Tuesday
0
 
rindiCommented:
I wouldn't wait too long, or you can get vulnerable. Most buggy updates get noticed within a week or less and are withdrawn as soon as they are found.
0
 
gadsadAuthor Commented:
Ok thanks for all
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I agree with Rindi - on servers, I disable automatic updates from rebooting and set it to download only.  Then I apply updates the LAST Wednesday of the month (and CHECK them too - occasionally MS releases updates outside of patch Tuesday - I skip those until they've been vetted by the community).  Ideally you should be running your own tests on test systems, but especially in smaller organizations, that's not always possible.
0
 
rindiCommented:
Often you can't properly run the tests outside a productive environment, as certain bugs need certain conditions to show themselves which only show up when the server gets used normally. That often can't easily be simulated.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
So because some bugs may not show up in a test environment no testing should be done?  Sorry, but arguing the point of testing if possible, at least to me, sounds like you're saying since you could miss one, it's pointless.  Pretty sure that's not what you mean... but that was my first reaction to your comments.

Loads can be simulated and in environments where systems are virtual, actual production systems CAN be tested (by making copies off to test networks), but as I said, smaller environments aren't often capable of doing this.
0
 
gadsadAuthor Commented:
for me no way to have test environments as customer are small organisations

I will just set Windows update to CHECK for update (not download updates that will allow MS to remove bugged updates before downloading them) and  run updates on the LAST Wednesday of the month before next patch Tuesday
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 6
  • 5
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now