Applying Domain Controller Windows Update strategy ?
People
I've got 2x VM Domain Controller (2008R2) which holds all FSMO role in my Data Centre AD sites (used by Exchange Servers).
The problem is that the Windows Update hasn't been applied since 2012 and 2013 hence there are 213+ updates waiting to be applies.
so how can I safely apply the update in a batch of 50 updates per day ? or shall I do one domain controller all in one go with 200+ patches ?
Thanks,
I've got 2x VM Domain Controller (2008R2) which holds all FSMO role in my Data Centre AD sites (used by Exchange Servers).
The problem is that the Windows Update hasn't been applied since 2012 and 2013 hence there are 213+ updates waiting to be applies.
so how can I safely apply the update in a batch of 50 updates per day ? or shall I do one domain controller all in one go with 200+ patches ?
Thanks,
Last Comment
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi Rant,
last time I accidentally update the DC in my HQ site, it took more than 2 hours for just under 70 patches.
last time I accidentally update the DC in my HQ site, it took more than 2 hours for just under 70 patches.
ASKER
so shall I update it in a chunk of 50 or based on the year of the patches ... ?
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Im using no tools at all.
It is downloaded straight from the Internet.
So I wonder if there are some problematic update that I shouldn't apply is still listed there on the list as well.
It is downloaded straight from the Internet.
So I wonder if there are some problematic update that I shouldn't apply is still listed there on the list as well.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
@Lee,
Both of the DC is used by the Exchange Server in the Data Centre AD site.
However, this both DC backed up daily.
Both of the DC is used by the Exchange Server in the Data Centre AD site.
However, this both DC backed up daily.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yes, all of my DC are all Global Catalog in my Data Centre, so I guess I can just patch one security update only in one go and then stage the other patches the day after.
Note, the VM backup for the both domain controllers is using Veeam Backup.
I won't take snapshot since it is not going to be supported by Microsoft.
Note, the VM backup for the both domain controllers is using Veeam Backup.
I won't take snapshot since it is not going to be supported by Microsoft.
ASKER
ok, what about if during the Windows update installation the OS is stuck or not booting into the OS ?
Can I just force reset it or do I have to restore the VM from the backup ?
Can I just force reset it or do I have to restore the VM from the backup ?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
You might need several reboots to apply all patches. Do one server at a time. Patch it fully and then move to another server. Take system state backup before starting patching for FSMO server. Rest windows update will take care. Secondly, avoid any VM restore. DC you need to perform authoritative restore. However, If you have more than one DC. It is rare that all DC will go down.
Let me know, if any query.
Let me know, if any query.
@ITSystemEngineer
Do you have a status update on your attempt?
Do you have a status update on your attempt?
ASKER
Hi all,
I'm doing it now while on business hours.
There is another DC/GC in my data centre AD site to take care the Exchange server mail flow.
Fingers crossed 220 patches all on one go.
I'm doing it now while on business hours.
There is another DC/GC in my data centre AD site to take care the Exchange server mail flow.
Fingers crossed 220 patches all on one go.
ASKER
Thanks all, the update of single DC took more than 4 hours, but luckilly it all went fine.
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
2015 patch first
2014 patch
2013 patch lastly
or the other way around ?