Re: Servers reboot after applying Windows Updates

  • Thread starter Thread starter Jeff Whitehead
  • Start date Start date
J

Jeff Whitehead

Guest
Re: Servers reboot after applying Windows Updates

"Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message
news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...
> Hi guys,
>
> I have a number of 2003 (Standard) servers, which force reboot after doing
> some of the Windows Updates.
> All our PCs and servers are set to check daily at 13:00 for any new
> updates [a company policy] and some of these require a reboot.
>
> All machines get updates DIRECT using Windows Update (we are not using
> WSUS yet but will be in the future)
>
> I've set the GP option to NOT reboot after automatic update, but
> apparently this only works if a user is logged in at the console.
> ['Computer Configuration/Administrative Templates/Windows
> Components/Windows Update\No auto-restart for scheduled Automatic Updates
> installations' option is set to Enabled and works if a user is logged in,
> but by design, is ignored if user logs out]
>
> I NEVER leave my servers logged in (not even with the screen locked - for
> security purposes) so they spontaneously reboot if there's an update that
> requires it.
>
> Surely I can't be the only one having this problem? Anybody know of a way
> to stop it?
> It only happens on the major updates, but it's annoying when users are
> halfway through something and the server dissappears.
>
>
> [ I realise I could make the servers update out of hours, but then someone
> has to be here in case they DON'T come back up.
> And night times is my backup Window anyway etc, etc....]
>
>
> Thanks,
>
> Jeff.
>
 
Re: Servers reboot after applying Windows Updates

Re: Servers reboot after applying Windows Updates

"Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message
news:eJ3oKNNwIHA.3484@TK2MSFTNGP06.phx.gbl...
>
> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message
> news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...
>> Hi guys,
>>
>> I have a number of 2003 (Standard) servers, which force reboot after
>> doing some of the Windows Updates.
>> All our PCs and servers are set to check daily at 13:00 for any new
>> updates [a company policy] and some of these require a reboot.

Serious misunderstanding here. Your PCs are not "checking daily at 1pm".
They check, randomly, once every 22 hours (by default), and they =install=
the updates at 1:00pm IF the updates have been successfully downloaded from
microsoft.com.

>> I've set the GP option to NOT reboot after automatic update, but
>> apparently this only works if a user is logged in at the console.

Actually, the policy is not designed to prevent a reboot entirely, but only
to prevent a reboot =IF= a user is, in fact, logged in - so your observation
is correct -- it only 'works' if a user is logged in at the console; it's
not designed to 'work' if no user is logged in.



>> ['Computer Configuration/Administrative Templates/Windows
>> Components/Windows Update\No auto-restart for scheduled Automatic Updates
>> installations' option is set to Enabled and works if a user is logged in,
>> but by design, is ignored if user logs out]
>>
>> I NEVER leave my servers logged in (not even with the screen locked - for
>> security purposes) so they spontaneously reboot if there's an update that
>> requires it.
>>
>> Surely I can't be the only one having this problem?

The only people still having this problem are those who are new to the
program, or who have not researched "best practices" for configuring servers
to be used with Automatic Updates.

>> Anybody know of a way to stop it?

Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm
installation event!

>> It only happens on the major updates, but it's annoying when users are
>> halfway through something and the server dissappears.

I bet!

>> [ I realise I could make the servers update out of hours, but then
>> someone has to be here in case they DON'T come back up.
>> And night times is my backup Window anyway etc, etc....]

The recommended practice is to use AU Option #3, and install the updates
interactively, at a time conducive to permiting the server to reboot.



--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
 
Re: Servers reboot after applying Windows Updates

Re: Servers reboot after applying Windows Updates

Hi Lawrence, thanks for your reply....


> Serious misunderstanding here. Your PCs are not "checking daily at 1pm".
> They check, randomly, once every 22 hours (by default), and they =install=
> the updates at 1:00pm IF the updates have been successfully downloaded
> from microsoft.com.

OK. Hands up... I've re-read the docs and see I'd confused this.

> The only people still having this problem are those who are new to the
> program, or who have not researched "best practices" for configuring
> servers to be used with Automatic Updates.

Which is kind of why I asked the question. I do not profess to know all
there is and was NOT slating the product.
Simply asking if anybody knew how this should be set up. Despite several
searches through Technet and Google and attending an MS 2003 Server course,
I had not yet found the solution. The course did touch this subject, but of
course does not answer everybody's specific requirements. And we all know
what search engines are like.... perhaps I didn't ask the question using the
right words.

Do you have any good links?

> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm
> installation event!

OK. Now understanding more about how it works, I can see why that's going to
be problematic and is causing exactly what I'm trying to avoid.

In fact, we only set it to '4' BECAUSE of our (mis?)interpretation of a
company policy, which states that all available updates must be applied on a
DAILY basis.

I am (unfortunately) a single-person IT department, repsonsible for anything
that plugs into the mains, including the kettle.
Having 20 servers, mail routers, firewalls and 150 PCs etc to deal with as
well as helping people who don't know how to change their print settings to
landscape, I don't log in to every server, every day. Therefore, I've been a
bit over optimistic and thought I'd have the server FORCE the update, rather
than waiting for me to have time to log in and check if anything was waiting
for install.

I (wrongly) assumed it would install the update and wait for me to
reboot.... but then I suppose if it worked the way I want, I'd have to log
in to the server anyway, to force the reboot. Option 4 seemed the closest to
what we want, but of course reboots the server when we're not ready.

I guess we'll have to stick with option 3 and make sure I hang around at the
end of the day to reboot all the servers.

Thanks for your comments. Much appreciated.

Jeff.

"Lawrence Garvin" <onsite@postalias.news> wrote in message
news:C2A0A7BD-74C6-480A-929C-882D85AB8D46@microsoft.com...
> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message
> news:eJ3oKNNwIHA.3484@TK2MSFTNGP06.phx.gbl...
>>
>> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message
>> news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...
>>> Hi guys,
>>>
>>> I have a number of 2003 (Standard) servers, which force reboot after
>>> doing some of the Windows Updates.
>>> All our PCs and servers are set to check daily at 13:00 for any new
>>> updates [a company policy] and some of these require a reboot.
>
> Serious misunderstanding here. Your PCs are not "checking daily at 1pm".
> They check, randomly, once every 22 hours (by default), and they =install=
> the updates at 1:00pm IF the updates have been successfully downloaded
> from microsoft.com.
>
>>> I've set the GP option to NOT reboot after automatic update, but
>>> apparently this only works if a user is logged in at the console.
>
> Actually, the policy is not designed to prevent a reboot entirely, but
> only to prevent a reboot =IF= a user is, in fact, logged in - so your
> observation is correct -- it only 'works' if a user is logged in at the
> console; it's not designed to 'work' if no user is logged in.
>
>
>
>>> ['Computer Configuration/Administrative Templates/Windows
>>> Components/Windows Update\No auto-restart for scheduled Automatic
>>> Updates installations' option is set to Enabled and works if a user is
>>> logged in, but by design, is ignored if user logs out]
>>>
>>> I NEVER leave my servers logged in (not even with the screen locked -
>>> for security purposes) so they spontaneously reboot if there's an update
>>> that requires it.
>>>
>>> Surely I can't be the only one having this problem?
>
> The only people still having this problem are those who are new to the
> program, or who have not researched "best practices" for configuring
> servers to be used with Automatic Updates.
>
>>> Anybody know of a way to stop it?
>
> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm
> installation event!
>
>>> It only happens on the major updates, but it's annoying when users are
>>> halfway through something and the server dissappears.
>
> I bet!
>
>>> [ I realise I could make the servers update out of hours, but then
>>> someone has to be here in case they DON'T come back up.
>>> And night times is my backup Window anyway etc, etc....]
>
> The recommended practice is to use AU Option #3, and install the updates
> interactively, at a time conducive to permiting the server to reboot.
>
>
>
> --
> Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
> Senior Data Architect, APQC, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2008)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My Websites: http://www.onsitechsolutions.com;
> http://wsusinfo.onsitechsolutions.com
> My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
>
 
Re: Servers reboot after applying Windows Updates

Re: Servers reboot after applying Windows Updates

Jeff Whitehead wrote:

> I guess we'll have to stick with option 3 and make sure I hang around at the
> end of the day to reboot all the servers.

If you can specify a time of day at which a reboot is safe, you can use option
4; it still isn't recommended, however, because option 3 also has the
significant advantage of allowing you to check that only those updates you
expected are applied.

Harry.
 
Re: Servers reboot after applying Windows Updates

Re: Servers reboot after applying Windows Updates

"Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in
news:eyrgQAYwIHA.1240@TK2MSFTNGP02.phx.gbl:

> Hi Lawrence, thanks for your reply....
>
>
>> Serious misunderstanding here. Your PCs are not "checking daily at
>> 1pm". They check, randomly, once every 22 hours (by default), and
>> they =install= the updates at 1:00pm IF the updates have been
>> successfully downloaded from microsoft.com.
>
> OK. Hands up... I've re-read the docs and see I'd confused this.
>
>> The only people still having this problem are those who are new to
>> the program, or who have not researched "best practices" for
>> configuring servers to be used with Automatic Updates.
>
> Which is kind of why I asked the question. I do not profess to know
> all there is and was NOT slating the product.
> Simply asking if anybody knew how this should be set up. Despite
> several searches through Technet and Google and attending an MS 2003
> Server course, I had not yet found the solution. The course did touch
> this subject, but of course does not answer everybody's specific
> requirements. And we all know what search engines are like.... perhaps
> I didn't ask the question using the right words.
>
> Do you have any good links?
>
>> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm
>> installation event!
>
> OK. Now understanding more about how it works, I can see why that's
> going to be problematic and is causing exactly what I'm trying to
> avoid.
>
> In fact, we only set it to '4' BECAUSE of our (mis?)interpretation of
> a company policy, which states that all available updates must be
> applied on a DAILY basis.
>
> I am (unfortunately) a single-person IT department, repsonsible for
> anything that plugs into the mains, including the kettle.
> Having 20 servers, mail routers, firewalls and 150 PCs etc to deal
> with as well as helping people who don't know how to change their
> print settings to landscape, I don't log in to every server, every
> day. Therefore, I've been a bit over optimistic and thought I'd have
> the server FORCE the update, rather than waiting for me to have time
> to log in and check if anything was waiting for install.
>
> I (wrongly) assumed it would install the update and wait for me to
> reboot.... but then I suppose if it worked the way I want, I'd have to
> log in to the server anyway, to force the reboot. Option 4 seemed the
> closest to what we want, but of course reboots the server when we're
> not ready.
>
> I guess we'll have to stick with option 3 and make sure I hang around
> at the end of the day to reboot all the servers.
>
> Thanks for your comments. Much appreciated.
>
> Jeff.
>


Jeff,

My shop is similar to yours in size. I removed the user's ability to shut
down through a GPO. They can only log off. All workstations have an
install scheduled for 0300.

Servers use option 3. I have 1 server that is not being used for anything
other than applying updates. It gets updated first, to see if a reboot is
required. If the curent updates do not require reboot, I then do all my
servers when convinient. Otherwise, I schedule a time where all servers
will be unavailable and come in to apply the updates.

You need to make your boss understand that updates are available only
once a month. A daily cycle is not necessary.

> "Lawrence Garvin" <onsite@postalias.news> wrote in message
> news:C2A0A7BD-74C6-480A-929C-882D85AB8D46@microsoft.com...
>> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in
>> message news:eJ3oKNNwIHA.3484@TK2MSFTNGP06.phx.gbl...
>>>
>>> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in
>>> message news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...
>>>> Hi guys,
>>>>
>>>> I have a number of 2003 (Standard) servers, which force reboot
>>>> after doing some of the Windows Updates.
>>>> All our PCs and servers are set to check daily at 13:00 for any new
>>>> updates [a company policy] and some of these require a reboot.
>>
>> Serious misunderstanding here. Your PCs are not "checking daily at
>> 1pm". They check, randomly, once every 22 hours (by default), and
>> they =install= the updates at 1:00pm IF the updates have been
>> successfully downloaded from microsoft.com.
>>
>>>> I've set the GP option to NOT reboot after automatic update, but
>>>> apparently this only works if a user is logged in at the console.
>>
>> Actually, the policy is not designed to prevent a reboot entirely,
>> but only to prevent a reboot =IF= a user is, in fact, logged in - so
>> your observation is correct -- it only 'works' if a user is logged in
>> at the console; it's not designed to 'work' if no user is logged in.
>>
>>
>>
>>>> ['Computer Configuration/Administrative Templates/Windows
>>>> Components/Windows Update\No auto-restart for scheduled Automatic
>>>> Updates installations' option is set to Enabled and works if a user
>>>> is logged in, but by design, is ignored if user logs out]
>>>>
>>>> I NEVER leave my servers logged in (not even with the screen locked
>>>> - for security purposes) so they spontaneously reboot if there's an
>>>> update that requires it.
>>>>
>>>> Surely I can't be the only one having this problem?
>>
>> The only people still having this problem are those who are new to
>> the program, or who have not researched "best practices" for
>> configuring servers to be used with Automatic Updates.
>>
>>>> Anybody know of a way to stop it?
>>
>> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm
>> installation event!
>>
>>>> It only happens on the major updates, but it's annoying when users
>>>> are halfway through something and the server dissappears.
>>
>> I bet!
>>
>>>> [ I realise I could make the servers update out of hours, but then
>>>> someone has to be here in case they DON'T come back up.
>>>> And night times is my backup Window anyway etc, etc....]
>>
>> The recommended practice is to use AU Option #3, and install the
>> updates interactively, at a time conducive to permiting the server to
>> reboot.
>>
>>
>>
>> --
>> Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
>> Senior Data Architect, APQC, Houston, Texas
>> Microsoft MVP - Software Distribution (2005-2008)
>>
>> MS WSUS Website: http://www.microsoft.com/wsus
>> My Websites: http://www.onsitechsolutions.com;
>> http://wsusinfo.onsitechsolutions.com
>> My MVP Profile:
>> http://mvp.support.microsoft.com/profile/Lawrence.Garvin
>>
>
>
 
Back
Top