Solved

What are best practices for patching Windows cluster based servers, i.e. File Server, SQL, Exchange, etc?

Posted on 2015-02-22
Last Modified: 2015-07-26
Hello:

I need to know how most of the bigger organizations patch their Windows cluster-based servers, like file server, SQL or Exchange.

We have SCCM 2012 R2 and patch our environment in phases. We have an effective procedure except for Windows clusters, because you cannot patch and restart them automatically via SCCM due to obvious reasons and Microsoft recommendations.

Now if we manually patch these servers at night, it requires a lot of our sysadmin's time, and then he will have to take comp time too.

Can someone advise me in this regard?
Question by:TAMUQITS
 
LVL 6

Expert Comment

by:Oleksiy Gayda
ID: 40626256
In my experience, manual patching by a sysadmin after-hours is the standard approach to patching Windows server clusters - patch the inactive node, reboot, fail-over, patch the second node, reboot, test the fail-over... having sysadmins do work after-hours is the cost of doing business in a Windows shop.
 
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 500 total points
ID: 40626300
On my SQL Active/Passive clusters, I follow the following procedure:
 1. I let SCCM apply OS patches on the passive node.  
 2. I confirm the passive node is happy the next morning, and schedule (via script) a failover in the middle of the night.
 3. After confirming the failover was happy the next morning.
 4. I let SCCM apply OS patches on the second passive node.

I should say that I have SCOM monitoring, as well as jobs running in SQL which page me if anything goes horribly wrong in the middle of the night.  So far, *knocks.wood* it hasn't failed me yet.  Those patches are applied with several days between them.

Our File Share clusters are all scheduled to fail over to the server not being patched on any given night a few hours before the maintenance window for a server allows patches to apply... and the volumes are configured to go back to their preferred nodes after the maintenance window ends.  (But for us, it all takes place in the middle of the night automagically.)  But only one cluster node is patched on any given night.
 

Author Comment

by:TAMUQITS
ID: 40629955
Hi Rich,

If you don't mind, can I ask you to share those scripts to fail over any cluster node?
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 40630576
Sure.  On my Windows 2003* and 2008 cluster, I have cmd files with the following lines:
```
rem Timestamp the run, then move the core cluster group and the SQL group.
rem Output of each move is appended to failover.log.
date /t >> failover.log
cluster.exe [cluster_objectname] group "Cluster Group" /moveto:[othernodename] >> failover.log
cluster.exe [cluster_objectname] group "SQL GROUP - <SQL instancename>" /moveto:[othernodename] >> failover.log
```

(And I have a different cmd file on each of the two servers, with only the [othernodename] different between the two, and I schedule them manually when I've coordinated a failover with the groups that need to know.)

And you can get the cluster.exe to give you all the information about the cluster object names...

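On my 2012 systems, I believe I've moved to PowerShell and Move-ClusterGroup.

```
# Timestamp the run ("date /t" is cmd syntax; Get-Date is the PowerShell equivalent).
Get-Date >> failover.log
# With no -Node given, each group moves to another available node.
Move-ClusterGroup "Cluster Group"
Move-ClusterGroup "SQL Server (MSSQLSERVER)"
```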


I believe my compatriot who manages the File Shares uses something similar to get the nodes failed over before patches... but the return to the preferred owner node is handled by the Failover properties on the roles themselves.

*Yes, yes... I need to get that cluster retired.  I've been working with our developers and application folks to get everything off this cluster for two years.  I think we'll JUST make it.
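
The scheduled failover described in the answers above, extended with checks before and after each move. This is an added example, not Rich Weissler's script: it assumes a Server 2012 or later node with the FailoverClusters module, the node name `NODE2` is a placeholder, and the group names are the ones quoted in the answer.

```powershell
# Added example: scheduled failover with pre/post checks (not the poster's script).
# Assumptions: run on a cluster node with the FailoverClusters module (Server 2012+);
# 'NODE2' is a placeholder; group names are the ones quoted in the answer above.
param(
    [string]$TargetNode = 'NODE2',   # placeholder: node that should own the roles
    [string[]]$Groups   = @('Cluster Group', 'SQL Server (MSSQLSERVER)'),
    [string]$LogFile    = 'failover.log'
)

Import-Module FailoverClusters -ErrorAction Stop

function Write-Log([string]$Message) {
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $LogFile
}

# Refuse to move anything onto a node that is down or paused.
$node = Get-ClusterNode -Name $TargetNode -ErrorAction Stop
if ($node.State -ne 'Up') {
    Write-Log "ABORT: $TargetNode is $($node.State); nothing moved."
    exit 1
}

$failed = $false
foreach ($name in $Groups) {
    $group = Get-ClusterGroup -Name $name -ErrorAction Stop
    if ($group.OwnerNode.Name -eq $TargetNode) {
        Write-Log "SKIP: '$name' is already on $TargetNode."
        continue
    }
    try {
        Move-ClusterGroup -Name $name -Node $TargetNode -ErrorAction Stop | Out-Null
    } catch {
        Write-Log "ERROR: move of '$name' failed: $($_.Exception.Message)"
        $failed = $true
        continue
    }
    # Re-read the group: it must be Online and owned by the target node.
    $after = Get-ClusterGroup -Name $name
    if ($after.OwnerNode.Name -eq $TargetNode -and $after.State -eq 'Online') {
        Write-Log "OK: '$name' is online on $TargetNode."
    } else {
        Write-Log "ERROR: '$name' is $($after.State) on $($after.OwnerNode.Name)."
        $failed = $true
    }
}

# A non-zero exit code lets the task scheduler or monitoring flag the run.
if ($failed) { exit 2 }
```

Because the script exits non-zero on any failed or incomplete move, the scheduled task's last-run result can be alerted on before the patch window opens for the node that was vacated.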