Go Premium for a chance to win a PS4. Enter to Win


What are best practices for patching Windows cluster based servers, i.e. File Server, SQL, Exchange, etc?

Posted on 2015-02-22
Medium Priority
Last Modified: 2015-07-26

I need to know that how most of the bigger organizations patch their Windows cluster based servers like file server, SQL or Exchange.

We have SCCM 2012 R2 and patch our environment in phases. We have an effective procedure except Windows cluster because you cannot patch and restart them automatically via SCCM due to obvious reasons and Microsoft recommendations.

Now if we manually patch these servers in night, it requires lot of our Sys admin's time and then he will has to take comp time too.

Can someone suggest me in this regard?
Question by:TAMUQITS
  • 2

Expert Comment

by:Oleksiy Gayda
ID: 40626256
In my experience, manual patching by a sysadmin after-hours is the standard approach to patching Windows server clusters - patch the inactive node, reboot, fail-over, patch the second node, reboot, test the fail-over... having sysadmins do work after-hours is the cost of doing business in a Windows shop.
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 1500 total points
ID: 40626300
On my SQL Active/Passive clusters, I follow the following procedure:
 1. I let SCCM apply OS patches on the passive node.  
 2. I confirm the passive node is happy the next morning, and schedule (via script) a failover in the middle of the night.
 3. After confirming the failover was happy the next morning.
 4. I let SCCM apply OS patches on the second passive node.

I should say that I have SCOM monitoring, as well as jobs running in SQL which page me if anything goes horribly wrong in the middle of the night.  So far, *knocks.wood* it hasn't failed me yet.  Those patches are applied with several days between them.

Our File Share clusters, are all scheduled to failover to the server not being patched on any given night a few hours before the maintenance window for a server allows patches to apply... and the volumes are configured to go back to their preferred nodes after the maintenance window ends.  (But for us, it all takes place in the middle of the night automagically.)  But only one cluster node is patched on any given night.

Author Comment

ID: 40629955
Hi Rich,

If you don't mind, can I ask to share those scripts to failover any cluster node?
LVL 30

Accepted Solution

Rich Weissler earned 1500 total points
ID: 40630576
Sure.  On my Windows 2003* and 2008 cluster, I have cmd files with the following lines:
date /t >> failover.log
cluster.exe [cluster_objectname] group "Cluster Group" /moveto:[othernodename] >> failover.log
cluster.exe [cluster_objectname] group "SQL GROUP - <SQL instancename>" /moveto:[othernodename] >> failover.log

Open in new window

(and I have a different cmd file on each of the two servers with the only the [othernodename] different between the two, and I schedule them manually when I've coordinated a failover with the groups that need to know.

And you can get the cluster.exe to give you all the information about the cluster object names...

On my 2012 systems, I believe I've moved to powershell and Move-ClusterGroup.
date /t >> failover.log
move-clustergroup "Cluster Group"
move-clustergroup "SQL Server (MSSQLSERVER)"

Open in new window

I believe my compatriot who manages the File Shares uses something similar to get the nodes failed over before patches... but the return to the preferred owner node is handled by the Failover properties on the roles themselves.

*Yes, yes... I need to get that cluster retired.  I've been working with our developers and application folks to get everything off this cluster for two years.  I think we'll JUST make it.

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question