Jump to content

Re: Servers reboot after applying Windows Updates

Guest Jeff Whitehead

By Guest Jeff Whitehead
in Windows 2003 Server

 Share

Recommended Posts

Guest Jeff Whitehead

Guest Jeff Whitehead

Posted
Posted

Re: Servers reboot after applying Windows Updates

 

"Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message

news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...

> Hi guys,

>

> I have a number of 2003 (Standard) servers, which force reboot after doing

> some of the Windows Updates.

> All our PCs and servers are set to check daily at 13:00 for any new

> updates [a company policy] and some of these require a reboot.

>

> All machines get updates DIRECT using Windows Update (we are not using

> WSUS yet but will be in the future)

>

> I've set the GP option to NOT reboot after automatic update, but

> apparently this only works if a user is logged in at the console.

> ['Computer Configuration/Administrative Templates/Windows

> Components/Windows Update\No auto-restart for scheduled Automatic Updates

> installations' option is set to Enabled and works if a user is logged in,

> but by design, is ignored if user logs out]

>

> I NEVER leave my servers logged in (not even with the screen locked - for

> security purposes) so they spontaneously reboot if there's an update that

> requires it.

>

> Surely I can't be the only one having this problem? Anybody know of a way

> to stop it?

> It only happens on the major updates, but it's annoying when users are

> halfway through something and the server dissappears.

>

>

> [ I realise I could make the servers update out of hours, but then someone

> has to be here in case they DON'T come back up.

> And night times is my backup Window anyway etc, etc....]

>

>

> Thanks,

>

> Jeff.

>

  • Replies 4
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Lawrence Garvin

Guest Lawrence Garvin

Posted
Posted

Re: Servers reboot after applying Windows Updates

 

Re: Servers reboot after applying Windows Updates

 

"Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message

news:eJ3oKNNwIHA.3484@TK2MSFTNGP06.phx.gbl...

>

> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message

> news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...

>> Hi guys,

>>

>> I have a number of 2003 (Standard) servers, which force reboot after

>> doing some of the Windows Updates.

>> All our PCs and servers are set to check daily at 13:00 for any new

>> updates [a company policy] and some of these require a reboot.

 

Serious misunderstanding here. Your PCs are not "checking daily at 1pm".

They check, randomly, once every 22 hours (by default), and they =install=

the updates at 1:00pm IF the updates have been successfully downloaded from

microsoft.com.

>> I've set the GP option to NOT reboot after automatic update, but

>> apparently this only works if a user is logged in at the console.

 

Actually, the policy is not designed to prevent a reboot entirely, but only

to prevent a reboot =IF= a user is, in fact, logged in - so your observation

is correct -- it only 'works' if a user is logged in at the console; it's

not designed to 'work' if no user is logged in.

 

 

>> ['Computer Configuration/Administrative Templates/Windows

>> Components/Windows Update\No auto-restart for scheduled Automatic Updates

>> installations' option is set to Enabled and works if a user is logged in,

>> but by design, is ignored if user logs out]

>>

>> I NEVER leave my servers logged in (not even with the screen locked - for

>> security purposes) so they spontaneously reboot if there's an update that

>> requires it.

>>

>> Surely I can't be the only one having this problem?

 

The only people still having this problem are those who are new to the

program, or who have not researched "best practices" for configuring servers

to be used with Automatic Updates.

>> Anybody know of a way to stop it?

 

Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm

installation event!

>> It only happens on the major updates, but it's annoying when users are

>> halfway through something and the server dissappears.

 

I bet!

>> [ I realise I could make the servers update out of hours, but then

>> someone has to be here in case they DON'T come back up.

>> And night times is my backup Window anyway etc, etc....]

 

The recommended practice is to use AU Option #3, and install the updates

interactively, at a time conducive to permiting the server to reboot.

 

 

 

--

Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP

Senior Data Architect, APQC, Houston, Texas

Microsoft MVP - Software Distribution (2005-2008)

 

MS WSUS Website: http://www.microsoft.com/wsus

My Websites: http://www.onsitechsolutions.com;

http://wsusinfo.onsitechsolutions.com

My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Guest Jeff Whitehead

Guest Jeff Whitehead

Posted
Posted

Re: Servers reboot after applying Windows Updates

 

Re: Servers reboot after applying Windows Updates

 

Hi Lawrence, thanks for your reply....

 

> Serious misunderstanding here. Your PCs are not "checking daily at 1pm".

> They check, randomly, once every 22 hours (by default), and they =install=

> the updates at 1:00pm IF the updates have been successfully downloaded

> from microsoft.com.

 

OK. Hands up... I've re-read the docs and see I'd confused this.

> The only people still having this problem are those who are new to the

> program, or who have not researched "best practices" for configuring

> servers to be used with Automatic Updates.

 

Which is kind of why I asked the question. I do not profess to know all

there is and was NOT slating the product.

Simply asking if anybody knew how this should be set up. Despite several

searches through Technet and Google and attending an MS 2003 Server course,

I had not yet found the solution. The course did touch this subject, but of

course does not answer everybody's specific requirements. And we all know

what search engines are like.... perhaps I didn't ask the question using the

right words.

 

Do you have any good links?

> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm

> installation event!

 

OK. Now understanding more about how it works, I can see why that's going to

be problematic and is causing exactly what I'm trying to avoid.

 

In fact, we only set it to '4' BECAUSE of our (mis?)interpretation of a

company policy, which states that all available updates must be applied on a

DAILY basis.

 

I am (unfortunately) a single-person IT department, repsonsible for anything

that plugs into the mains, including the kettle.

Having 20 servers, mail routers, firewalls and 150 PCs etc to deal with as

well as helping people who don't know how to change their print settings to

landscape, I don't log in to every server, every day. Therefore, I've been a

bit over optimistic and thought I'd have the server FORCE the update, rather

than waiting for me to have time to log in and check if anything was waiting

for install.

 

I (wrongly) assumed it would install the update and wait for me to

reboot.... but then I suppose if it worked the way I want, I'd have to log

in to the server anyway, to force the reboot. Option 4 seemed the closest to

what we want, but of course reboots the server when we're not ready.

 

I guess we'll have to stick with option 3 and make sure I hang around at the

end of the day to reboot all the servers.

 

Thanks for your comments. Much appreciated.

 

Jeff.

 

"Lawrence Garvin" <onsite@postalias.news> wrote in message

news:C2A0A7BD-74C6-480A-929C-882D85AB8D46@microsoft.com...

> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message

> news:eJ3oKNNwIHA.3484@TK2MSFTNGP06.phx.gbl...

>>

>> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in message

>> news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...

>>> Hi guys,

>>>

>>> I have a number of 2003 (Standard) servers, which force reboot after

>>> doing some of the Windows Updates.

>>> All our PCs and servers are set to check daily at 13:00 for any new

>>> updates [a company policy] and some of these require a reboot.

>

> Serious misunderstanding here. Your PCs are not "checking daily at 1pm".

> They check, randomly, once every 22 hours (by default), and they =install=

> the updates at 1:00pm IF the updates have been successfully downloaded

> from microsoft.com.

>

>>> I've set the GP option to NOT reboot after automatic update, but

>>> apparently this only works if a user is logged in at the console.

>

> Actually, the policy is not designed to prevent a reboot entirely, but

> only to prevent a reboot =IF= a user is, in fact, logged in - so your

> observation is correct -- it only 'works' if a user is logged in at the

> console; it's not designed to 'work' if no user is logged in.

>

>

>

>>> ['Computer Configuration/Administrative Templates/Windows

>>> Components/Windows Update\No auto-restart for scheduled Automatic

>>> Updates installations' option is set to Enabled and works if a user is

>>> logged in, but by design, is ignored if user logs out]

>>>

>>> I NEVER leave my servers logged in (not even with the screen locked -

>>> for security purposes) so they spontaneously reboot if there's an update

>>> that requires it.

>>>

>>> Surely I can't be the only one having this problem?

>

> The only people still having this problem are those who are new to the

> program, or who have not researched "best practices" for configuring

> servers to be used with Automatic Updates.

>

>>> Anybody know of a way to stop it?

>

> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm

> installation event!

>

>>> It only happens on the major updates, but it's annoying when users are

>>> halfway through something and the server dissappears.

>

> I bet!

>

>>> [ I realise I could make the servers update out of hours, but then

>>> someone has to be here in case they DON'T come back up.

>>> And night times is my backup Window anyway etc, etc....]

>

> The recommended practice is to use AU Option #3, and install the updates

> interactively, at a time conducive to permiting the server to reboot.

>

>

>

> --

> Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP

> Senior Data Architect, APQC, Houston, Texas

> Microsoft MVP - Software Distribution (2005-2008)

>

> MS WSUS Website: http://www.microsoft.com/wsus

> My Websites: http://www.onsitechsolutions.com;

> http://wsusinfo.onsitechsolutions.com

> My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

>

Guest Harry Johnston [MVP]

Guest Harry Johnston [MVP]

Posted
Posted

Re: Servers reboot after applying Windows Updates

 

Re: Servers reboot after applying Windows Updates

 

Jeff Whitehead wrote:

> I guess we'll have to stick with option 3 and make sure I hang around at the

> end of the day to reboot all the servers.

 

If you can specify a time of day at which a reboot is safe, you can use option

4; it still isn't recommended, however, because option 3 also has the

significant advantage of allowing you to check that only those updates you

expected are applied.

 

Harry.

Guest Asher_N

Guest Asher_N

Posted
Posted

Re: Servers reboot after applying Windows Updates

 

Re: Servers reboot after applying Windows Updates

 

"Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in

news:eyrgQAYwIHA.1240@TK2MSFTNGP02.phx.gbl:

> Hi Lawrence, thanks for your reply....

>

>

>> Serious misunderstanding here. Your PCs are not "checking daily at

>> 1pm". They check, randomly, once every 22 hours (by default), and

>> they =install= the updates at 1:00pm IF the updates have been

>> successfully downloaded from microsoft.com.

>

> OK. Hands up... I've re-read the docs and see I'd confused this.

>

>> The only people still having this problem are those who are new to

>> the program, or who have not researched "best practices" for

>> configuring servers to be used with Automatic Updates.

>

> Which is kind of why I asked the question. I do not profess to know

> all there is and was NOT slating the product.

> Simply asking if anybody knew how this should be set up. Despite

> several searches through Technet and Google and attending an MS 2003

> Server course, I had not yet found the solution. The course did touch

> this subject, but of course does not answer everybody's specific

> requirements. And we all know what search engines are like.... perhaps

> I didn't ask the question using the right words.

>

> Do you have any good links?

>

>> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm

>> installation event!

>

> OK. Now understanding more about how it works, I can see why that's

> going to be problematic and is causing exactly what I'm trying to

> avoid.

>

> In fact, we only set it to '4' BECAUSE of our (mis?)interpretation of

> a company policy, which states that all available updates must be

> applied on a DAILY basis.

>

> I am (unfortunately) a single-person IT department, repsonsible for

> anything that plugs into the mains, including the kettle.

> Having 20 servers, mail routers, firewalls and 150 PCs etc to deal

> with as well as helping people who don't know how to change their

> print settings to landscape, I don't log in to every server, every

> day. Therefore, I've been a bit over optimistic and thought I'd have

> the server FORCE the update, rather than waiting for me to have time

> to log in and check if anything was waiting for install.

>

> I (wrongly) assumed it would install the update and wait for me to

> reboot.... but then I suppose if it worked the way I want, I'd have to

> log in to the server anyway, to force the reboot. Option 4 seemed the

> closest to what we want, but of course reboots the server when we're

> not ready.

>

> I guess we'll have to stick with option 3 and make sure I hang around

> at the end of the day to reboot all the servers.

>

> Thanks for your comments. Much appreciated.

>

> Jeff.

>

 

 

Jeff,

 

My shop is similar to yours in size. I removed the user's ability to shut

down through a GPO. They can only log off. All workstations have an

install scheduled for 0300.

 

Servers use option 3. I have 1 server that is not being used for anything

other than applying updates. It gets updated first, to see if a reboot is

required. If the curent updates do not require reboot, I then do all my

servers when convinient. Otherwise, I schedule a time where all servers

will be unavailable and come in to apply the updates.

 

You need to make your boss understand that updates are available only

once a month. A daily cycle is not necessary.

> "Lawrence Garvin" <onsite@postalias.news> wrote in message

> news:C2A0A7BD-74C6-480A-929C-882D85AB8D46@microsoft.com...

>> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in

>> message news:eJ3oKNNwIHA.3484@TK2MSFTNGP06.phx.gbl...

>>>

>>> "Jeff Whitehead" <nospam.jeffwhitehead76@hotmail.com> wrote in

>>> message news:%231KcT8LwIHA.4376@TK2MSFTNGP06.phx.gbl...

>>>> Hi guys,

>>>>

>>>> I have a number of 2003 (Standard) servers, which force reboot

>>>> after doing some of the Windows Updates.

>>>> All our PCs and servers are set to check daily at 13:00 for any new

>>>> updates [a company policy] and some of these require a reboot.

>>

>> Serious misunderstanding here. Your PCs are not "checking daily at

>> 1pm". They check, randomly, once every 22 hours (by default), and

>> they =install= the updates at 1:00pm IF the updates have been

>> successfully downloaded from microsoft.com.

>>

>>>> I've set the GP option to NOT reboot after automatic update, but

>>>> apparently this only works if a user is logged in at the console.

>>

>> Actually, the policy is not designed to prevent a reboot entirely,

>> but only to prevent a reboot =IF= a user is, in fact, logged in - so

>> your observation is correct -- it only 'works' if a user is logged in

>> at the console; it's not designed to 'work' if no user is logged in.

>>

>>

>>

>>>> ['Computer Configuration/Administrative Templates/Windows

>>>> Components/Windows Update\No auto-restart for scheduled Automatic

>>>> Updates installations' option is set to Enabled and works if a user

>>>> is logged in, but by design, is ignored if user logs out]

>>>>

>>>> I NEVER leave my servers logged in (not even with the screen locked

>>>> - for security purposes) so they spontaneously reboot if there's an

>>>> update that requires it.

>>>>

>>>> Surely I can't be the only one having this problem?

>>

>> The only people still having this problem are those who are new to

>> the program, or who have not researched "best practices" for

>> configuring servers to be used with Automatic Updates.

>>

>>>> Anybody know of a way to stop it?

>>

>> Do not use AU Option #4 on servers -- certainly *not* with a 1:00pm

>> installation event!

>>

>>>> It only happens on the major updates, but it's annoying when users

>>>> are halfway through something and the server dissappears.

>>

>> I bet!

>>

>>>> [ I realise I could make the servers update out of hours, but then

>>>> someone has to be here in case they DON'T come back up.

>>>> And night times is my backup Window anyway etc, etc....]

>>

>> The recommended practice is to use AU Option #3, and install the

>> updates interactively, at a time conducive to permiting the server to

>> reboot.

>>

>>

>>

>> --

>> Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP

>> Senior Data Architect, APQC, Houston, Texas

>> Microsoft MVP - Software Distribution (2005-2008)

>>

>> MS WSUS Website: http://www.microsoft.com/wsus

>> My Websites: http://www.onsitechsolutions.com;

>> http://wsusinfo.onsitechsolutions.com

>> My MVP Profile:

>> http://mvp.support.microsoft.com/profile/Lawrence.Garvin

>>

>

>

 Share
Go to topic listing
×
×
  • Create New...