2008 SBS Updates, lots & lots of them...

Is there any kind of an all in one update roll up available for 2008 SBS? I've currently got 177 pending & have been gun shy about running updates on this, since it's always ended badly, having to restore from a backup. I've tried all at once, smaller groups of 20 - 30, but again, they've all ended badly. I am (finally) starting the process of replacing it & in the migration guide I'm using, having it all up to date is strongly recommended. Are there any updates that are all inclusive? Is there a certain order I should let them run in?
Suggestions, please!
LVL 1
gromackAsked:
Who is Participating?
 
JohnConnect With a Mentor Business Consultant (Owner)Commented:
If the Microsoft suggestions did not work, reply to the case with that information and ask for a refund
0
 
JohnBusiness Consultant (Owner)Commented:
First, your server should be up to date. You are a LONG way behind.

Install the earliest (oldest) updates first. Then newer, then newer until you are up to date.

I am not sure if Server 2008 has roll up updates but these would be newer (if they exist) and you still want the older ones first.
0
 
gromackAuthor Commented:
In the select updates to install screen, is there a way to display a date there?
All I see is name & size. The only way I'm seeing a date is to select each one individually.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
JohnBusiness Consultant (Owner)Commented:
Check and see if the oldest are at the top or bottom and then process from that end.

You can also try WSUS Offline if you wish as that tool will work through properly (and you may need to run more than once). It has a Server 2008 section.

http://download.wsusoffline.net/
0
 
RoninCommented:
Start with the critical, make sure there's enough disk space on the server.
Install Desktop experience which will allow you to clean the old updates that are already deployed, as well as cleanup those that you install as part of this engagement.
Once critical are completed, continue with optional.
Rinse and repeat.
0
 
JohnBusiness Consultant (Owner)Commented:
You still need to select oldest first to make certain later ones can install
0
 
gromackAuthor Commented:
They kinda jump all over the place, but it appears that the oldest date is 11/6/16 & there are 110 updates published on that date.
With WSUS Offline, I've got options for Windows Server 2008 or Windows 7 / Windows Server 2008 R2, nothing with SBS in name.
Wouldn't that ultimately give me the same ton of updates?
0
 
JohnBusiness Consultant (Owner)Commented:
Yes it will pick all the updates
0
 
RoninCommented:
There's no difference whatsoever in what order to install updates.
The install process smart enough (in the past there was a need to use qchain to install updates in correct order), to figure out what packages from the selected list needed and in what order.
After you done with initial batch, rescan for updates, you will notice that amount of updates, as well as which ones are outstanding is changed, since some of them no longer requires, since you installed the newest one.
0
 
gromackAuthor Commented:
Ronin, your answer sounds as if I was going to cut loose with all 177 updates at once...
John, at that point, will it still give me the option to install in smaller groups, by date, etc? This just bascially downloads them, right?
0
 
JohnBusiness Consultant (Owner)Commented:
There's no difference whatsoever in what order to install updates.  

There is a difference if an older update is a prerequisite to a newer update.

WSUS automates the install process and (for me) does it correctly)
0
 
Hypercat (Deb)Commented:
Windows off line questions:  SBS 2008 is Windows Server 2008 R2.

Does the server have WSUS installed and running?  If so, you should be able to list the updates by release date in the WSUS console.  If you want to take the time, you can go through the updates in WSUS and decline old updates that have been superseded by newer ones.  This will cut way down on the number of updates that you need to install.  However, I will say that this can be a long and somewhat tedious process, since it's advisable to check first to make sure the superseding update is available to be installed BEFORE you decline any older updates.  

For the most part, if you approve and run ALL the updates at once, Windows will just skip the older superseded updates and only install the newest ones.  Also, if some of those 177 updates are just "Updates" rather than "Security Updates" I recommend skipping those and only install them after all the security updates have been installed successfully.
0
 
gromackAuthor Commented:
WSUS offline looks like its downloaded even more updates than currently shown in windows updates.
Downloaded/validated 26 dynamically determined updates for dotnet x64-glb
Downloaded/validated 21 statically defined updates for w61-x64 glb
Downloaded/validated 192 dynamically determined updates for w61-x64 glb
I think I'm going to have to run out to office at end of day, run a complete backup, run the update installer & hope for the best. It looks like it only gives me the option to run, not pick & choose.
And what is the advantage to going this route vs windows updates?
0
 
JohnBusiness Consultant (Owner)Commented:
If you allow the updates and run it again, it will download and install more. Repeat until done
0
 
JohnBusiness Consultant (Owner)Commented:
Also, and what is most important is that you get the updates DONE. Having 116 outstanding updates is a very serious security risk.
0
 
RoninCommented:
@gromack
Ronin, your answer sounds as if I was going to cut loose with all 177 updates at once...
You can if you want to, it will take several hours ... You need to schedule appropriately. If it's a PROD server - do 30-40 at a time.
0
 
mbkitmgrCommented:
I am curious about the "it ends badly"  can you elaborate?

I have supported servers since Windows NT 3.51 Server (Compaq ProLiant Servers, Dell PowerEdge, HP  and IBM) and I have not had many issues with updates over the years.  Mind you 3.51 didn't have many to apply, but with WSUS and the smarter installation of updates, you shouldnt be having the issues you elude too.  I am curious
0
 
gromackAuthor Commented:
Over the years, twice I've had it get stuck during the reboot, applying computer settings (over 4 hours), finally having to force quit & restore from backup. A coupole of times updates not taking & again, with a long, nail-biting reboot!
0
 
JohnBusiness Consultant (Owner)Commented:
Are you saying you just restored from backup, or was that a historical statement?

Where are you now in applying groups of updates?
0
 
gromackAuthor Commented:
Historical.
0
 
gromackAuthor Commented:
Well, ran the offline updater & received the following message;

Starting WSUS Offline Update (v. 11.1) at 19:48:57.22...
Checking user's privileges...
Determining system's properties...
Determining Windows licensing info...
Found Microsoft Windows version: 6.0.6002.19700 (w60 x64 enu sp2)
Found Microsoft Windows Software Licensing Management Tool info...
Name: Windows Server(R), ServerSBSStandard edition
Description: Windows Operating System - Windows Server(R), OEM_SLP channel
Partial Product Key: PW2D2
License Status: Licensed
Checking medium content...
Medium build date: 12/27/2017
Medium does not support Microsoft Windows (w60 x64 enu).

ERROR: Medium neither supports your Windows nor your Office version.

Ending WSUS Offline Update at 19:49:07.09...

C:\Users\Administrator.mydomain\Desktop\Updates 12-27-16\cmd>
0
 
JohnBusiness Consultant (Owner)Commented:
Maybe WSUS does not support SBS (not a supported product anymore so far as I know). That's too bad.

If you cannot succeed with groups of updates, you may need to back up and start again (reinstall).
0
 
gromackAuthor Commented:
Crossing my fingers & am cutting loose with all 177 updates...
0
 
gromackAuthor Commented:
... 176 succeeded, 1 failed & time to reboot...
0
 
JohnBusiness Consultant (Owner)Commented:
That will have gotten the priority updates done as we have been suggesting. Keep up posted after the restart
0
 
gromackAuthor Commented:
...and 7 hrs later remote desktop & instant housecall show it as offline, but oddly enough, I can ping by name or address.
Other than jumping in the truck & make that 65 mile ride to the office, are there any other options I have to connect to it?
Note to self, thanks for adding IDRAC to the new servers!
0
 
JohnBusiness Consultant (Owner)Commented:
It is hard to say how or if updates may have affected remote access. Possibly a service did not start.
Can you restart the server remotely and then check again, otherwise a visit to the server is almost always in order.
0
 
gromackAuthor Commented:
I dunno - is there another way to start it remotely?
0
 
JohnBusiness Consultant (Owner)Commented:
Only if the computer has a Pre BIOS method of accessing it. Some of our newer servers can do this. Otherwise you need to service it on site.
0
 
gromackAuthor Commented:
I'm guessing I'll get there & find a message like 'applying computer settings' or something like that on the screen, will have to force shutdown & poof, there goes the rest of my day.
0
 
gromackAuthor Commented:
Just like clockwork, "applying computer settings' on the screen. Force quit, restart in safe mode, reboot normally & back to stuck on applying computer settings, which I'm guessing will stay there until hell freezes over, or I boot off of the DVD & restore from back up.
Once this is replaced, I've got a sledgehammer with its name on it...
0
 
mbkitmgrCommented:
Does the server have a remore access controller that you can log into and work on the frozen, OS.  Not knowing the hardware, 99% of my sSMB clients have Dell Servers with IDRAC's, that you can log into the hardware via a browser and work on the frozen/stalled OS.  HP have LILO, IBM/Lenovo have ??.

Its sounding like you'll need to go to site to address that update issue, did you happen to get details of the Update that didnt apply to the OS?
0
 
gromackAuthor Commented:
I think it may have it idrac, just had never been configured & used.
Never did see what updates didn't apply, as it played out like I had assumed it would & I restored to a backup created before updates were applied, as I was anticipating this.
0
 
gromackAuthor Commented:
Gonna make one more run at it, figuring it would be best to have all the updates, etc., before starting my migration process. Planning on doing in groups of 25, unless someone has a better suggestion?
0
 
JohnBusiness Consultant (Owner)Commented:
Planning on doing in groups of 25,   <-- That is a reasonable approach. If all at once did not work, try the groups.
0
 
gromackAuthor Commented:
Apparently, third time's the charm.
After third group of updates, it never came back on line, At least this gives me an excuse to go out & configure the idrac on it!
0
 
gromackAuthor Commented:
Finally bit the bullet, spent someone else's money & made that call to Micro$oft.
Will keep y'all posted...
0
 
gromackAuthor Commented:
M$ guy ran some diagnostics, as well as the SUR tool on it, asked me to run 10 or so updates & that worked fine.
Told me to go ahead & run them in small batches, 10 - 15 at a time. Ran a backup of C & after 4 hours, started the update process. Got through 4 or 5 & on the last reboot, it never came back. Even stranger this time, computer was sitting at the Ctl Alt Del screen, but I couldn't log on! Tried several accounts, domain & local, but kept getting name or password incorrect??? Finally went ahead & restored from backup & was able to log in just fine, but now, it's acting like a new Win 7 installation with the updates - showing that it has never checked for updates, shows none available & has spent the last 40 minutes looking for them...
FFFF******************K!!!
0
 
gromackAuthor Commented:
As it turns out, the answer to the $499 question was to run a full back up, install 5 updates, but don't reboot to finish updates. Run another (incremental) backup, then reboot.
Lather
Rinse
Repeat.
On 1/10, someone with M$, saying he had been reviewing the case & wondered if it could be closed. I told him it was no where near being resolved & my reason for calling was that I felt there was no othere option than backing up, installing a couple of updates & repeating until they were all finished & that I figured for $499, I'd get a better answer than that! He told me he'd have his senior SE contact me on the 11th & I haven't heard anything bock yet.
I wonder how hard it's going to be to get a refund?
0
 
gromackAuthor Commented:
Microsoft agreed that they didn't come up with a viable solution & agreed to a refund.
Took major steps in getting away from 2008 sbs over the weekend, woo-hoo!
0
 
JohnBusiness Consultant (Owner)Commented:
Thanks for the update. Yes - Microsoft will either solve the problem or refund the money.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.