Complete all patches in one reboot cycle?

  • May 3, 2012 17:50

    When we approve a list of patches for some computers, they occasionally still have remaining patches to install after the scheduled reboot time specified in group policy.  This causes a problem as our maintenance windows are for a specific date, i.e. Week2-Sat at 3am.  What then happens is this remaining approved update will patch the following Saturday at 3am.

    Can someone help me understand why all patches aren't installed in one reboot cycle?  I understand it's most likely due to one approved patch depending on the installation of another approved patch, but I would like to be able to determine this will happen before it occurs.  Also if anyone knows how to specify only patch on this date (not day) that would be helpful as well.

    Thanks for any assistance.

All replies

  • May 4, 2012 9:29
    Moderator

    Once you approve a list of patches on the WSUS, it will take some time to download them one by one, especially for some bigger update files. It is possible that some of the updates are not downloaded when clients contact the WSUS for their detection cycle, and the long time interval between the updates you approved may also lead to the patches not being executed in one reboot cycle.

    Another possibility is that some special updates (.NET or IE or others) are designed to install and reboot exclusively. In this case, you may need to execute an exclusive reboot for them separately.

    Regards,

    Clarence


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • May 4, 2012 14:58

    Hi Clarence.  Thank you for your reply.  I think the second scenario you described is what is going on for us.  I don't think the first scenario would be an issue as we approve a list of patches about 6 days in advance.

    Is there some attribute or way I can determine if patches are designed to install/reboot exclusively?

    Thanks

  • May 4, 2012 20:45

    Hi Jason,

    There is a command line tool called WuInstall (http://www.wuinstall.com). When calling WuInstall on a client machine, all available patches are applied immediately. The latest version is also able to install patches over multiple reboot cycles completely unattended. See the /rebootcycle option or http://www.wuinstall.com/index.php/howto#3_2. This should solve the problem when patches depend on the installation of another.

    "With this option complete cumulative updating of windows systems becomes possible. That means installing updates, rebooting and installing further updates will be automated. After performing an update and rebooting afterwards, WuInstall starts again ...."

    br,

    Gerald

  • May 5, 2012 12:17

    Is there some attribute or way I can determine if patches are designed to install/reboot exclusively?


    Hi, this information is provided in the update metadata and can be seen on the details of the update, within the WSUS console, and also at the MU catalog website http://catalog.update.microsoft.com

    Don
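
One way to check this on a client before the maintenance window, as an added example that is not part of the original thread: it reads the same update metadata through the Windows Update Agent COM API (`Microsoft.Update.Session`) and lists each pending update with its download state and installation behavior. Treating `Impact = RequiresExclusiveHandling` as the "install exclusively" marker discussed above is an assumption, and the script needs PowerShell 3.0 or later.

```powershell
# Added example: pre-maintenance check, run locally on a WSUS-managed client.
# Flags pending updates that are likely to be left over after one
# install/reboot pass: not yet downloaded, or marked for exclusive handling.

# Enum values from the Windows Update Agent API
# (InstallationImpact and InstallationRebootBehavior).
$impactNames = @{ 0 = 'Normal'; 1 = 'Minor'; 2 = 'RequiresExclusiveHandling' }
$rebootNames = @{ 0 = 'NeverReboots'; 1 = 'AlwaysRequiresReboot'; 2 = 'CanRequestReboot' }

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Software updates offered to this client that are not installed and not hidden.
# On a WSUS client the default server is the WSUS server, so only approved
# updates are returned.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$report = foreach ($update in $result.Updates) {
    $behavior = $update.InstallationBehavior
    [pscustomobject]@{
        KB         = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Downloaded = $update.IsDownloaded
        Impact     = $impactNames[[int]$behavior.Impact]
        Reboot     = $rebootNames[[int]$behavior.RebootBehavior]
        Title      = $update.Title
    }
}

$report | Sort-Object Impact, KB | Format-Table -AutoSize -Wrap

# Updates that must be installed on their own (assumed cause of the leftovers).
$exclusive = @($report | Where-Object { $_.Impact -eq 'RequiresExclusiveHandling' })
# Updates the client has not cached yet (the slow-download scenario).
$notCached = @($report | Where-Object { -not $_.Downloaded })

Write-Host ("Pending updates:             {0}" -f @($report).Count)
Write-Host ("Require exclusive handling:  {0}" -f $exclusive.Count)
Write-Host ("Not yet downloaded:          {0}" -f $notCached.Count)

if ($exclusive.Count -gt 0 -or $notCached.Count -gt 0) {
    Write-Warning "This machine may need more than one install/reboot pass."
}
```
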

  • May 7, 2012 3:37
    Moderator

    Hi Clarence.  Thank you for your reply.  I think the second scenario you described is what is going on for us.  I don't think the first scenario would be an issue as we approve a list of patches about 6 days in advance.

    Is there some attribute or way I can determine if patches are designed to install/reboot exclusively?

    Thanks


    Sometimes they are published with the note that (This update may need to install independently) in the Microsoft Security Bulletins: http://technet.microsoft.com/en-us/security/bulletin
