Solved

Windows Server 2008 R2 Windows Updates / Automatic Restart / effect on VM's

Posted on 2016-09-24
7
46 Views
Last Modified: 2016-10-07
On our Domain Controller (Windows Server 2008), we have a Domain Group Policy setting for scheduling of Windows Updates.  

Screenshot is attached showing:
1) Option 4 - Auto Download and schedule the installation
2) Scheduled Install Day - Every Sunday
3) Scheduled Install Time - 02:00

We're using these settings primarily to have our servers install updates and reboot during off-peak hours.  In our environment, we have physical boxes running Windows Server 2012 (Host OS) and VM's on these physical boxes running (Guest OS) Windows Server 2012.  All servers (physical boxes and VM's) are members of our domain.

Our primary problem resides with the physical boxes.  It seems that the download of Windows updates (if available) is occurring nightly on these servers.  Given the settings above, we'd expect those updates to be installed "Every Sunday" at "2:00 a.m.".  This schedule seems to be working.  We'd also expect those servers to reboot after those updates are installed; again, during off-peak hours.  However, this is not happening.

We're seeing an automatic reboot of these physical boxes occur at random during the following days after the updates are installed.  Our end users are accessing software installed on the VM's which are, of course, running on the physical boxes.  When the random reboot of the physical box occurs (more often than not during the work day), our end users are left with no connectivity for as long as it takes the server to reboot.  The VM's, as expected, seem to go in to a "Paused" state while the reboot of the physical box occurs.

Once the physical box reboots, the end users are able to connect to software running on the VM's.  It sometimes takes 20-30 minutes for this process to finish.

There seems to be an update that resolves this issue for Windows Server 2012.  A screenshot, "Hotfix", is also attached.
C--Users-dan-Desktop-GP_Updates_Rest.JPG
C--Users-dan-Desktop-HotFix.JPG
0
Comment
Question by:baleman2
7 Comments
 
LVL 87

Expert Comment

by:rindi
ID: 41813612
On servers you should never do the updates automatically. Things can go wrong etc. You should rather have someone do this manually at weekends or similar. That way he can oversee whether everything works as expected, and he can troubleshoot and fix things, or even go onsite if something goes wrong. If you do it automatically chances are that in Monday when all want to resume work, they can't because servers are down.
0
 

Author Comment

by:baleman2
ID: 41813657
To Rindi:

Come on.  We're not even a very large company, but we've got a datacenter with over 40 servers.  It's not feasible to manually login, update, and reboot that many machines.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41813673
Did you try the hotfix in the article you linked to?
Is something running at 2:00am preventing the restart?  Have you tried an earlier or later time?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:baleman2
ID: 41813697
The hotfix was found under an article based on the Windows Server 2012 OS, so I haven't attempted to install on the 2008 Server.

Have tried different times with no success.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 41813714
Your initial problem claims "In our environment, we have physical boxes running Windows Server 2012 (Host OS) and VM's on these physical boxes running (Guest OS) Windows Server 2012"

Why wouldn't you apply this hotfix to your 2012 servers since they have the issue?
0
 

Author Comment

by:baleman2
ID: 41814808
Am (incorrectly?) assuming that Domain Group Policy would take precedence over the settings applied by the hotfix?
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 41815023
No. That's the point. 2012 and 2912 R2 use Windows 8's update logic and code, and that means they don't honor the old settings. The hotfix doesn't even fully fix that, but it does at least prevent them from waiting three days and rebooting mid-day which is a marked improvement. But the hotfix must be installed on the clients that are misbehaving to get the improved behavior.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The following article is comprised of the pearls we have garnered deploying Hyper-V since Virtual Server 2005 and subsequent 2008 RTM+ standalone and clustered.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now