• Status: Solved

Different Windows Updates on identical servers?

I have Server1 that shows today (2/26/2018) an update needed: 2017-12 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4054519)

I also have Server2 that shows today an update needed: 2018-02 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4074594)

Both servers had the same previous rollup installed: 2017-10 KB4041693

Why is this?  Shouldn't both be at 2018-02 since it, I thought, includes fixes from 2017-12???

Am I safe to just download the standalone for 2018-02 and install on both servers?
0
Asked by: Tim Phillips
2 Solutions
 
John, Business Consultant (Owner), commented:
Do they have different BIOS levels?  That is about the only reason I could think that different updates would apply.
0
 
Cliff Galiher commented:
Let Windows Update do its thing. Even in "identical" servers, small variances in firmware and such can cause WU to decide to withhold an update. Especially with the Spectre and Meltdown patch situation, I'd be inclined to run updates then rescan. Don't force an update.
0
 
Tim Phillips, Windows Systems Administrator (Author), commented:
Both are VMs on the same host.  It is just super odd that they would both have the same previous patch level, but require different new rollup patch levels.
0

 
John, Business Consultant (Owner), commented:
Always let any machine do its own updates. As Cliff said, do not force.
0
 
Tim Phillips, Windows Systems Administrator (Author), commented:
The problem is that we have a sandbox that has a replica of Prod servers.  In one instance I have an "identical" VM in the sandbox to use to QA the updates, but that VM is asking for a more current patch than the one the Prod VM is asking for.  For auditing purposes I need to QA each patch...

That being said, I used one of our sandbox of the sandbox VMs that had same patch listed as Prod.  I manually installed the current patch instead of the one in Windows Update and it worked just fine.  The old patch doesn't show in Windows Updates anymore.

Part of me is thinking of going the opposite route.  Maybe I should manually download the older patch that Prod is asking for and use that on the normal sandbox (even though it is requesting the newer patch).  That would be less "risky" on Prod since I'd be forcing a different update on the sandbox instead of Prod.  Does that sound better?
0
 
Cliff Galiher commented:
Yes. That is definitely better.
0
 
Brandon Lyon, Senior Frontend Developer, commented:
For the future, if it's a big enough issue and they're supposed to be identical then you might want to look into running your own Windows Update Server. Personally I would be inclined to search for a long-term solution like that to keep them synchronized.
0
 
McKnife commented:
Be aware that for patches to be detected, the registry key that assures AV software compatibility needs to exist. That might be an explanation.
The key is
--
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"
--
You will run into the same problem again if the key is not set.
Please note that compatible AV software would set the key automatically. Check its presence. If not present, either the AV software is incompatible or not up to date, or no AV is installed.
0
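The registry check described in the comment above, combined with a comparison of installed updates on the two servers, as an added PowerShell example that is not part of the original thread. It assumes PowerShell remoting is enabled and reuses the server names from the question.

```powershell
# Added example (not from the thread). Assumes WinRM/PowerShell remoting is enabled
# and that Server1/Server2 (names from the question) resolve from this workstation.
$servers   = 'Server1', 'Server2'
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$valueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

$report = @(Invoke-Command -ComputerName $servers -ArgumentList $keyPath, $valueName -ScriptBlock {
    param($keyPath, $valueName)
    # $null here means the key or the value does not exist on this machine.
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    $data = if ($item) { $item.$valueName } else { $null }
    [pscustomobject]@{
        Server       = $env:COMPUTERNAME
        CompatKeySet = ($null -ne $data -and $data -eq 0)   # REG_DWORD 0x00000000 as quoted above
        CompatData   = $data
        InstalledKBs = @(Get-HotFix | Where-Object HotFixID -like 'KB*' |
                         Select-Object -ExpandProperty HotFixID | Sort-Object -Unique)
    }
})

# 1) Is the AV-compatibility value present on each server?
$report | Select-Object Server, CompatKeySet, CompatData | Format-Table -AutoSize

# 2) Which updates are installed on only one of the two servers?
if ($report.Count -eq 2 -and $report[0].InstalledKBs -and $report[1].InstalledKBs) {
    Compare-Object $report[0].InstalledKBs $report[1].InstalledKBs |
        ForEach-Object {
            $owner = if ($_.SideIndicator -eq '<=') { $report[0].Server } else { $report[1].Server }
            [pscustomobject]@{ KB = $_.InputObject; OnlyOn = $owner }
        } | Sort-Object OnlyOn, KB | Format-Table -AutoSize
} else {
    Write-Warning 'Need results (with at least one installed KB) from both servers to compare.'
}
```

A server where `CompatKeySet` is `False`, or a KB listed under only one server, is where the two "identical" machines actually differ.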
 
Tim Phillips, Windows Systems Administrator (Author), commented:
Appeared to be the safest approach.  Even though I was able to successfully install the latest version of the patch in Dev, I'd rather flow more naturally in Prod.
0
 
McKnife commented:
Tim, did you check the registry key's presence?
0
Question has a verified solution.
