What are best practices for patching Windows cluster based servers, i.e. File Server, SQL, Exchange, etc?

Posted on 2015-02-22
Last Modified: 2015-07-26

I need to know that how most of the bigger organizations patch their Windows cluster based servers like file server, SQL or Exchange.

We have SCCM 2012 R2 and patch our environment in phases. We have an effective procedure except Windows cluster because you cannot patch and restart them automatically via SCCM due to obvious reasons and Microsoft recommendations.

Now if we manually patch these servers in night, it requires lot of our Sys admin's time and then he will has to take comp time too.

Can someone suggest me in this regard?
Question by:TAMUQITS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Expert Comment

by:Oleksiy Gayda
ID: 40626256
In my experience, manual patching by a sysadmin after-hours is the standard approach to patching Windows server clusters - patch the inactive node, reboot, fail-over, patch the second node, reboot, test the fail-over... having sysadmins do work after-hours is the cost of doing business in a Windows shop.
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 500 total points
ID: 40626300
On my SQL Active/Passive clusters, I follow the following procedure:
 1. I let SCCM apply OS patches on the passive node.  
 2. I confirm the passive node is happy the next morning, and schedule (via script) a failover in the middle of the night.
 3. After confirming the failover was happy the next morning.
 4. I let SCCM apply OS patches on the second passive node.

I should say that I have SCOM monitoring, as well as jobs running in SQL which page me if anything goes horribly wrong in the middle of the night.  So far, *knocks.wood* it hasn't failed me yet.  Those patches are applied with several days between them.

Our File Share clusters, are all scheduled to failover to the server not being patched on any given night a few hours before the maintenance window for a server allows patches to apply... and the volumes are configured to go back to their preferred nodes after the maintenance window ends.  (But for us, it all takes place in the middle of the night automagically.)  But only one cluster node is patched on any given night.

Author Comment

ID: 40629955
Hi Rich,

If you don't mind, can I ask to share those scripts to failover any cluster node?
LVL 30

Accepted Solution

Rich Weissler earned 500 total points
ID: 40630576
Sure.  On my Windows 2003* and 2008 cluster, I have cmd files with the following lines:
date /t >> failover.log
cluster.exe [cluster_objectname] group "Cluster Group" /moveto:[othernodename] >> failover.log
cluster.exe [cluster_objectname] group "SQL GROUP - <SQL instancename>" /moveto:[othernodename] >> failover.log

Open in new window

(and I have a different cmd file on each of the two servers with the only the [othernodename] different between the two, and I schedule them manually when I've coordinated a failover with the groups that need to know.

And you can get the cluster.exe to give you all the information about the cluster object names...

On my 2012 systems, I believe I've moved to powershell and Move-ClusterGroup.
date /t >> failover.log
move-clustergroup "Cluster Group"
move-clustergroup "SQL Server (MSSQLSERVER)"

Open in new window

I believe my compatriot who manages the File Shares uses something similar to get the nodes failed over before patches... but the return to the preferred owner node is handled by the Failover properties on the roles themselves.

*Yes, yes... I need to get that cluster retired.  I've been working with our developers and application folks to get everything off this cluster for two years.  I think we'll JUST make it.

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
OfficeMate Freezes on login or does not load after login credentials are input.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question