none
Server 2012 and Windows Update Schedule - only option is daily installation?

    Question

  • Hi all

    How to configure Windows Update on Server 2012 to install updates once a week?

    I've assigned a GPO with WSUS-Settings for installation once a week, which is working on Server 2008 R2 and earlier versions.

    But on Server 2012 it won't be applied correctly because under "Automatic Maintenance" in the "Action Center" area in the Control Panel there is only one option to choose which is daily installation.

    How to change the update frequency to weekly? I've not found any option within GPO or GUI.

    Thanks.

    querdm

    Saturday, December 15, 2012 1:05 PM

All replies

  • Hi,

    You can't change the setting using UI anymore.But the GPO is still applied.Since it is a WSUS client,pls refer to the policy "configure automatic updates" to define to install updates once a week.


    regards,

    Clarence


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Proposed as answer by David↓ Tuesday, March 12, 2013 1:45 PM
    • Unproposed as answer by David↓ Tuesday, March 12, 2013 1:45 PM
    Monday, December 17, 2012 7:53 AM
    Moderator
  • Hi Clarence

    It is a WSUS Client, I have applied the GPO with config to install updates on Thursday.

    But updates will still be installed every day, on the selected time within "Automatic Maintenance".

    The GPO does not change or overwrite that, I mean the GPO has no precedence.

    So I'm not able to let the updates be installed once a week anymore?

    Thank you.

    querdm

    Monday, December 17, 2012 8:15 PM
  • Hi,

    I don't think so.The GPO should take the precedence over the UI.How did you get updates installed every day?To test,Pls try to config to install updates on Thursday, and then approve for a update on friday to see whether it will be installed.

    Also,in the action center,you can turn off the automatic maintenance to test whether it works.

    regards,

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, December 18, 2012 7:03 AM
    Moderator
  • Hi,

    I did a test and applied a GPO with install updates on Thursday 23:00.

    There was an update for this server which was installed on Wednesday 15:00 like configured in the "Automatic Maintenance".

    So the update was installed on Wednesday and not un Thursday 23:00.

    The GPO does not take the precedence but it was applied correctly as I can see by registry-keys and gpresult. What is going wrong there?

    Thank you.

    qwerdm

    Tuesday, December 18, 2012 12:40 PM
  • Hi,

    I did another Test today. New Server 2012,

    1. WSUS GPO applied with installation on Thursday 22:00, checked by regedit and GUI

    2. server restarted

    3. Updates approved for installation, checked in GUI of Server

    4. Checked and adjusted Automatic Maintenance Hour to 09:00.

    5.  Logoff and wait until 09:00

    6. Logon at 11:00, look at Update history

    RESULT: both updates have been installed at 09:00

    Is there anything wrong?

    Any help would be appreciated, thank you.

    regards, dom

    Thursday, December 20, 2012 10:33 AM
  • Has anyone tested this so far?

    Any help would be appreciated, thank you.

    regards, dom

    Friday, December 21, 2012 10:55 AM
  • Any updates?  I'm experiencing the same thing.  GP correctly applies automatic update settings to install every Sunday during our maintenance window, but the Server still installs updates and reboots daily at 3am during it's maintenance window.  I need to be able to change this to weekly.  A daily maintenance window in ridiculous.
    Thursday, January 03, 2013 8:09 PM
  • We have about 45 Servers with mixed Versions Server 2003 and 2008R2. The GPO for getting WSUS-Updates is over five years old installs the updates on sunday night with an reboot. Now we have four Servers 2012 with the same GPO applied. These Servers are installing and rebooting daily at 3am during the maintanence window. These setting cannot be changed in the policy or UI.

    The next fact about updating Server 2012 is, that if you install updates manually on weekdays and the user logs off, the server reboots itself without warning. These setting cannot be changed. Older Server Versions are not rebooting itself and can be controlled trough policy.

    Friday, January 04, 2013 2:34 PM
  • Similar problem here.
    Tuesday, January 08, 2013 12:33 PM
  • As a WorkAround I would suggest to change the interval for the Automatic Maintenance in the Task Scheduler - Task Scheduler Library - Microsoft - Windows - TaskScheduler -> in the properties of Regular Maintenance Task, under the Triggers Tab you can check and edit the Settings.

    Notice that the changes may not be displayed in the Action Center - Automatic Maintenance Settings
    Monday, January 21, 2013 10:18 AM
  • Try to set the GPO-Configuration from a Microsoft Windows Server 2012 RSAT Snap-In.

    I've tested it and so far it seems to work like a charm.

    My HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    AUOptions : 4

    NoAutoUpdate : 0

    ScheduledInstallDay : 2

    ScheduledInstallTime : 7

    Monday, January 21, 2013 2:41 PM
  • These settings are applied through the existing Policy on Server 2012.
    The Policy Settings (ADMX) haven't changed since Server 2008.
    So what is the difference to a new GPO with 2012 RSAT?
    If i look at Catalin Magher post it might be a solution to disable the Maintenance Task.
    What Jobs does the Maintenance Task in TasKScheduler exactly run?
    If the Job is active in TasKScheduler and not controlled through registry like the WSUS settings,
    how should WindowsUpdate know which one is the preferred setting?

    Tuesday, January 29, 2013 11:18 AM
  • We are having the same Problem. 

    20 Servers have restarted at the same time which has resulted in a total failure of our entire environment. Why having server redundancy when they update at the same day??

    A few weeks ago, i connected to a disconnected remote session on a server and got the message... restartin in 15 minutes....

    Without the ability to stop this, the server has done a restart during main working time which results in a downtime of over 1 hour of our entire company. The same thing happened 5 times, then we disabled automatic updates.

    The only option for us was to disable automatic updates on all servers AND Workstations because of the forced restart.

    This is absolutely horrible !!!  No way to use automatic updates this way !!

    On Server 2008 R2.. It was possible to define a weekday for installing updates and by GPO, it was possible to force the restart even when a user has a disconnected rdp session or is just logged in without actually using the Workstation oder Server. But Windows 2012 waits until the user which is logged in is using the server or workstation again and then displays the 15 minute countdown which us usually is during worktime... so the server or workstation restarts during worktime which is absolutely not acceptable..
    • Edited by Andreas Pross Saturday, February 02, 2013 10:43 PM added information
    Saturday, February 02, 2013 10:32 PM
  • As a WorkAround I would suggest to change the interval for the Automatic Maintenance in the Task Scheduler - Task Scheduler Library - Microsoft - Windows - TaskScheduler -> in the properties of Regular Maintenance Task, under the Triggers Tab you can check and edit the Settings.

    Notice that the changes may not be displayed in the Action Center - Automatic Maintenance Settings
    After a reboot, the settings where restored to the daily values again. Not sure if this is due to a setting in GPO.
    Saturday, February 02, 2013 10:45 PM
  • We are having the same Problem. 

    20 Servers have restarted at the same time which has resulted in a total failure of our entire environment. Why having server redundancy when they update at the same day??

    A few weeks ago, i connected to a disconnected remote session on a server and got the message... restartin in 15 minutes....

    Without the ability to stop this, the server has done a restart during main working time which results in a downtime of over 1 hour of our entire company. The same thing happened 5 times, then we disabled automatic updates.

    The only option for us was to disable automatic updates on all servers AND Workstations because of the forced restart.

    This is absolutely horrible !!!  No way to use automatic updates this way !!

    On Server 2008 R2.. It was possible to define a weekday for installing updates and by GPO, it was possible to force the restart even when a user has a disconnected rdp session or is just logged in without actually using the Workstation oder Server. But Windows 2012 waits until the user which is logged in is using the server or workstation again and then displays the 15 minute countdown which us usually is during worktime... so the server or workstation restarts during worktime which is absolutely not acceptable..
    Has anyone figured out a solution other than disable auto updates? This is driving me bonkers.
    Tuesday, February 19, 2013 2:50 AM
  • I too would like to know of an answer.  I can't believe something this simple was overlooked by Microsoft.  I have deployed 13 Virtual Servers in Production running Windows Server 2012 that reboot during business hours when we login...  
    Tuesday, February 19, 2013 7:19 PM
  • We've just come across this problem after last week's updates and it appears that a number of the policies in the Windows Update section of GPO are ignored by Win8/WS2012 with the most critical being 'Configure Automatic Updates'.  After much re-jigging of GPOs, WSUS, WU service etc, it became apparent that the Automatic Maintenance time in the Action Center was overriding the GPO so, using GPMC with the Win8/WS2012 admx files, I managed to find the policy for the Maintenance Scheduler then, back in Windows Update | Configure Automatic Updates I got confirmation of this in the Help section for option 4:

    ***********************************************

    On Windows 8 and Windows RT: The option for specifying schedule in the Group Policy Setting has no effect. The scheduling option can be specified in Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler->Maintenance Activation Boundary. If no schedule is specified, the default schedule for all installations will be during the default maintenance window at 3 AM. If any security updates require a restart to complete the installation, Windows will restart the computer automatically after notifying the user about an upcoming auto restart for a period of time. If a user is signed in to the computer and there is a potential of loss of state or data when Windows is ready to restart, the restart will be delayed to the next time the user unlocks the computer.

    ***********************************************

    However, whilst the time can be set it doesn't look like the day can be, unless there's something that can be done with Activation Boundary value, which defaults to '2000-01-01T03:00:00', or with the scheduled task - which is named 'Regular Maintenance' in Task Scheduler!!

    On a similar thread - http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/ad04706a-77e7-43e2-a2d7-935f999a447a - it's mentioned that it might be more controllable through SCCM which we don't have at the moment, although we are likely to deploy for SC Endpoint Protection however this is a far from perfect solution.

    As for the problem of servers not rebooting if someone is logged in, I suspect this could be mitigated by enforcing a timeout for logins but wtf???

    So, it looks like a feature introduced to help Win8 users is doing the absolute opposite for WS2012 admins.

    Friday, February 22, 2013 2:28 PM
  • Currently, we are trying to use the feature "Clusterfähiges Aktualisieren" I don,t know the english name but it could something like "cluster aware update".

    This feature is available as soon as the clusterservice is installed and the server has joined a cluster. Our plan is to assign all servers which aren't used in a cluster at the moment to a new cluster just to be able to use the update feature. I don't know if a cluster has some side effects but if not, we can use the "Clusterfähiges Aktualisieren" feature which allows to define Day and time and it updates one server after the other and ensures that only one server is updating at time.


    Tuesday, March 12, 2013 6:19 PM
  • Everyone stopped posting to this thread for a few weeks now.

    What is going on with this?  So, automatic update schedules cannot be managed on Windows 8 and Server 2012?

    Sounds like something that still needs to be fixed.

    Saturday, April 06, 2013 7:23 PM
  • All is controlled by Maintenance window settings in GPO (Maintenance Scheduler), this is logical.
    Sunday, April 07, 2013 7:57 AM
  • Inspired by some VBScripts and the "Cluster Aware Update", I wrote my own .Net Application to perform Windows Updates.

    It's really simple. The app runs every 5 minute by Task-Scheduler. It checks for the configuration file in a shared Network Location, where I can set my schedule to a specific Day or multiple days. While one Server is updating, the Status is written to the shared Folder and the other Servers are waiting until the first one has completed updates. Ant that's what I wanted. The Servers can do Windows update on saturday and sunday, one Server at a time.

    I also added the ability to use Powershell to delay the Update. For example, you can create a Powershell Script which returns the Status of Windows Backup or in my case DPM 2012 Job Status. If a Job is running, Windows update is delayed until the Job has completed.

    Currently there is no GUI for my app. Everything is controlled by XML Files. If someone is interested, I will create a GUI

    Sunday, April 07, 2013 8:28 AM
  • All is controlled by Maintenance window settings in GPO (Maintenance Scheduler), this is logical.

    Not really.  Others here have stated  that you cannot specify specific days of the week for the maintenance window to run.

    The Windows updating looks totally out of control for both Server 2012 and Windows 8 unless you disable automatic updates and do it all manually. 


    Sunday, April 07, 2013 4:36 PM
  • I too would like to know of an answer.  I can't believe something this simple was overlooked by Microsoft.  I have deployed 13 Virtual Servers in Production running Windows Server 2012 that reboot during business hours when we login...  

    I can't believe this either and I'm surprised this did not come up as an issue during beta testing.

    Why did they remove the ability to use group policy to schedule updates to automatically install only on a specified day of the week?  How does this benefit anyone?

    Many organizations stage scheduling of updates/reboots for a consistent pre-planned day of the week even for workstations and especially for servers.

    The automatic maintenance set up only lets you specify a time of day, but not day of the week.  Red flags should have have been seen by whoever implemented/approved this inflexible design.

    "Run maintenance tasks daily at:"

    What??!

    Sunday, April 07, 2013 5:54 PM
  • Agreed.  Who was the genius that thought, "Hey, lets have our server's force-update everyday!  And only allow the system admins - who already control everything else about the server via GPO - to pick a time for this."

    And what about that forced-reboot, aye?  Now that's genius right out of the bottle.  "Oh, and lets give a warning of 3 days that the computer needs to be rebooted - then kick the box if they haven't done it.  Oh, and if they login, with in that time and continue to ignore the message - kick it anyways!"  Flawless logic.

    This is another showing of how MS has fell out of touch with reality.  This "change" forces us to invest more energy and time for a STEP BACKWARDS.  We in IT love change that brings better options or innovation - and look at it as a slight inconvenience (if that).  But this Sir, is a disruption with no benefit.

    Monday, April 08, 2013 1:04 PM
  • As long as there is no solution from Microsoft available, I will use my own app to control the update behaviour. Maybe someone else will find it useful too:

    http://edv.styletronix.net/apps/WindowsUpdater.aspx

    Monday, April 08, 2013 2:16 PM
  • Hey guys,

    Just an FYI, I have a case open with MS about this very issue.  I agree that it's pretty idiotic behavior, and it's clear to me that the Windows 8 devs need to be kept as far away from Server 2012 as possible.  I'll post the results of this case as I very much feel this is a bug that needs to be patched (after all, if you can't rely on GPO to manage your environment's policy, what the heck can you rely upon?!). 

    Cheers,

    -Russ

    Monday, April 08, 2013 3:25 PM
  • All is controlled by Maintenance window settings in GPO (Maintenance Scheduler), this is logical.

    This is not true.  Server 2012 does not honor the maintenance window settings in GPO and reboots according to the schedule set locally on the server.  It should be controlled by GPO, but Server 2012 pretty much ignores the policy.
    Monday, April 08, 2013 3:28 PM
  • Hi Russ,

    Hope you are doing Great.

    Have you got any solution for the above issue as the window2012 ignoring the GPO and taking default maintence windows time to reboot .

    if you have, please help me with this as we are having lot of 2012 severs in the environment which depends on WSUS for patchs and now effecting with policy bug,

    Thanks in Advance

    Vinu

    Wednesday, April 10, 2013 11:25 AM
  • All,

    I spoke with a support manager yesterday and MS is aware of this issue.  They submitted a DCR (design change request) to get this fixed, but since this was a "feature" change in 2012, everyone needs to call MS and open a ticket about this.  Do not just post on this forum, as it sounds like the thing that would get real movement is to have more customers open tickets, especially if they are Premier customers.  I got the real impression that MS doesn't really give a crap, even if you spend a million dollars with them every three years on a big EA, unless you pay extra to get Premier support.  So please give MS a call and make as big a stink as you can, or this probably won't get fixed.

    For what it's worth, the manager I spoke to felt it was a bug as well, and agreed that it was a massively stupid oversight on the devs' part.

    You all are welcome to reference my company's support ticket number, 113040410340282, when opening your own ticket.  Here is the text from the last response I received from MS:

    Hello Russ,
    
    Thanks for your time over the phone
    
    As discussed Issue is because in GPO Automatic Maintenance Activation Boundary Group Policy we have an option to define only Time and NOT Install Day, Additionally if we choose Automatic Updates in control panel to select a configuration option we can choose time but NOT day as a result updates will be installed daily and I acknowledge that I was able to Reproduce this Issue in my lab for Windows 8 and  Windows 2012
     
    Similar Issue has been discussed at below mentioned Forum
    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/9714c384-ffed-4561-8349-32fd1dace9f9/
     
    http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/ad04706a-77e7-43e2-a2d7-935f999a447a
     
    http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/49671250-090a-454e-897d-2c450415e7a5 
    
    Question
    Are your servers really rebooting every day? Or is it just that the particular days that the machines reboot are not convenient?
    Possible Workaround for now
    One thing you could do is delay approving updates in WSUS, and/or setting a deployment deadline when you approve them.
    
    For example, security updates normally appear on MU on Tuesday, so with the 3-day reboot timeout for security updates, Win8 machines end up rebooting as soon as Friday, or sometimes Saturday. If you delay security update approval until Wednesday, then the reboot will occur on Saturday most of the time, or maybe Sunday.
    
    Alternatively, wait until Saturday to approve security updates, but set an install deadline WAY back in the past. The deadline overrides the 3-day timer so as soon as the updates are detected on Saturday, they install and reboot.
    
    In a Nutshell workaround the issue by holding off on update approvals and approving updates only when you want them to be installed. 
    
    Another Workaround
    If you would like installs to happen at a specific time, then you can set AUOptions to 3 (using “Configure automatic Updates” policy) and use your own scheduled task to trigger the installs. 
    
    I will discuss this with Product Group and if required will file a DCR(Design Change Request) , I cannot say when this Issue will be fixed but I will pass the feedback to product Group to get this Issue fixed ASAP.
    
    Note-As discussed if possible open a Premier Case for same issue
    
    Again appreciate your time and patience!
    
    
    Regards,
    Shobhit Garg
    Email:Shobhit.Garg@Microsoft.com
    UK +44 (020) 7365 2380 Ext 54077 | US: +1 866 425 7701 Ext 87677 | India: +91 66587677 

    Cheers,

    -Russ




    • Edited by russlegear Wednesday, April 10, 2013 3:23 PM
    Wednesday, April 10, 2013 3:12 PM
  • Hi Russ,

    Thanks for your quick response.Let me  have a  look with MS.

    Thanks
    Vinu

    Wednesday, April 10, 2013 3:59 PM
  • That's good to know.  I guess Microsoft needs to do a better beta program.  

    This should have been discovered before final release.  It's not as if this is some very obscure issue that only would affect 1% of users.

    Wednesday, April 10, 2013 8:42 PM
  • Hi All.

    We have the solution for  the issue were windows 2012 server restarts  while user logged in  after patching or time of automatic update schedule installation and reboot  can’t be  controlled by the GPO.

    To Make this success in windows 2012  please follow the below change in GP.

    Case 1:Window 2012 reboots after patching while user logged in.

    Solution: Run>Gpmc.msc>computer configuration>administrator templates >windows component >Windows updates

    NO auto restart with logged on user for schedule automatic installations-Enable.

    Result: This will stop reboot of windows 2012  while user login after patching.

    Case 2:To override the default maintenance window at 3 AM by GP schedule installation time.

    Solution :To effect GP schedule installation time and reboot  in windows 2012 &windows 8 .We have to do the below change in GP.

    Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler->Maintenance Activation Boundary

    Note:Please remember that after the update you should manage group policies from a Windows 8 or Server 2012 workstation.

    To see the above group policy templates you should update your ADMX and ADML files in your PolicyDefinitions folder in SYSVOL

    To update follow this guide: blogs.technet.com/b/craigf/archive/2012/08/28/upgrading-the-admx-central-store-files-from-windows-7-2008r2-to-windows-8-2012.as

    Result :This will take the schedule installation time as per the GP and no more it will reboot during default maintenance window at 3 AM.

    Good Luck GuyZZZZ...

    Thanks

    Vinu

    • Proposed as answer by Vinu Karthika Thursday, April 11, 2013 12:55 PM
    Thursday, April 11, 2013 12:55 PM
  • Hi All.

    We have the solution for  the issue were windows 2012 server restarts  while user logged in  after patching or time of automatic update schedule installation and reboot  can’t be  controlled by the GPO.

    To Make this success in windows 2012  please follow the below change in GP.

    Case 1:Window 2012 reboots after patching while user logged in.

    Solution: Run>Gpmc.msc>computer configuration>administrator templates >windows component >Windows updates

    NO auto restart with logged on user for schedule automatic installations-Enable.

    Result: This will stop reboot of windows 2012  while user login after patching.

    Case 2:To override the default maintenance window at 3 AM by GP schedule installation time.

    Solution :To effect GP schedule installation time and reboot  in windows 2012 &windows 8 .We have to do the below change in GP.

    Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler->Maintenance Activation Boundary

    Note:Please remember that after the update you should manage group policies from a Windows 8 or Server 2012 workstation.

    To see the above group policy templates you should update your ADMX and ADML files in your PolicyDefinitions folder in SYSVOL

    To update follow this guide: blogs.technet.com/b/craigf/archive/2012/08/28/upgrading-the-admx-central-store-files-from-windows-7-2008r2-to-windows-8-2012.as

    Result :This will take the schedule installation time as per the GP and no more it will reboot during default maintenance window at 3 AM.

    Good Luck GuyZZZZ...

    Thanks

    Vinu

    That does not solve the problem because the server would still reboot if there is no user logged in.  

    It also does not solve the problem of scheduling installation for specific days of the week rather than only set the time of day.  Many or probably most businesses will want to install updates on a schedule of specific days of the week, not every day regardless of time.

    The only workaround that looks reliable is to not approve updates until the day you want them installed and then install them with a script that day, but that is a lot of extra labor that would not be needed if Microsoft had not messed up the automatic updates process for Server 2012.

    I also don't see any policy settings that allow you to completely disable the automatic maintenance either.  All it does is allow you to set a time of day, but it will continue to run every day.

    Thursday, April 11, 2013 1:24 PM
  • The viable solution for me - is one where I can control the day of the week.  And right now - we don't have that here.
    Thursday, April 11, 2013 1:25 PM
  • The viable solution for me - is one where I can control the day of the week.  And right now - we don't have that here.
    Agreed.  We need to be able to control the day or this is a downgrade.  No admin wants to wait until the day before to approve updates just because MS took away our control of when updates are applied.
    Monday, April 15, 2013 5:41 PM
  • I just want to add my complaint here as well.  I control patching for about 1,000 servers for a hospital and they have to reboot during a 1 hour maintenance window once a month.  WSUS works quite well for that, but the design "enhancement" could be that Microsoft wants to force us to use System Center Configuration Manager and pay for licenses to have our servers reboot at a certain time.  Does anyone know if System Center allows for an update install and reboot at a certain time?
    Wednesday, April 24, 2013 7:48 PM
  • Just adding my name to the list of folks inconvenienced with this issue - production servers rebooting in the middle of the day after being logged onto and getting the 15 minute warning with no way to postpone.  MAJOR step backward - Server 2008 worked fine.  This is unacceptable.
    Wednesday, May 22, 2013 6:51 PM
  • Another name to the list. We cannot use server2012 in production because of this.
    Tuesday, June 04, 2013 8:23 AM
  • Hey guys,

    Its been a while (2 weeks) since the last post in this thread now. Are there any news regarding this issue? 

    @russlegear : Any news from Microsoft?

    Cheers.



    Tuesday, June 04, 2013 8:31 AM
  • Hi,

    Thanks for raising this issue and for all of the questions and comments. The feedback has been shared with the Windows product team and they are investigating options for improving the behavior. In the meantime, we have written some content to help explain the issue and the current options for configuring restart behavior. This appears in the section titled "Automatic Maintenance and changes to restart behavior after updates are applied by Windows Update" at http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_WhatsNewEight. I expect this issue to also be covered in some more discoverable locations in the TechNet Library and in the Microsoft Knowledge Base soon.  

    Thanks,

    Justin [MSFT]

    Thursday, June 06, 2013 11:38 PM
  • This behavior from Ms is completely surreal.
    Wednesday, June 12, 2013 1:44 PM
  • Just adding my complaints too. How "intelligent" New features break a well-working system for servers. Microsoft, thing again, please, and move quickly With the DCR (Design Change Request) mentioned above.

    /Maurice

    Wednesday, June 19, 2013 10:13 AM
  • Here is my workaround - disabling the maintenance services. The "Regular Maintenance" is the one starting at 3AM, but also the "Maintenance Configurator" (both in the \Microsoft\Windows\TaskScheduler\ subfolder) needs to be disabled since the configurator will re-enable the Regular Maintenance.

    Gotachas:

    • Disabling these tasks does not seem to be possible via Group Policy Preferences since the tasks are in the a subfolder.
    • The tasks cannot be deleted/modified via GUI (taskschd.msc), I only got "Access denied".

    BUT via command line and psexec it seems to work:

    • Disable Maintenance Configurator:
      psexec \\server1,server2 -s schtasks /change /tn "\Microsoft\Windows\TaskScheduler\Maintenance Configurator" /DISABLE
    • Disable Regular Maintenance:
      psexec \\server1,server2 -s schtasks /change /tn "\Microsoft\Windows\TaskScheduler\Regular Maintenance" /DISABLE

    Hope this helps anyone trying to fix too early reboots...
    /Maurice

    Wednesday, July 03, 2013 4:12 PM
  • We already have some 2012 servers in production, and have exactly that issue. When there are new patches on Tuesday, and accidentally I log on to the server on Wednesday at 14:00, it reboots at 14:05. And that with GPOs that work flawlessly in Windows 2000, 2003, 2008 and 2008 R2. 

    Besides, we have multiple schedules in a single GPO with item-level targeting - if we have to redo all this for the new "maintenance window" scheme, it will be a complex job.

    BUT: Right now, we can't do that anyway! I understand that there is no option whatsoever to force Windows Server 2012 to reboot after patching if someone is logged on. This is stupid! I want my servers to be patched at 3am and then rebooted, regardless if some administrator has a disconnected RDP session or not!

    Is there any workaround to accomplish this at the moment? (Do we really need to create a script that checks if patches are waiting for a reboot and then issues a shutdown command or something like that? This would be a return to the stone age, compared to what was offered even in Windows 2000.)

    Edit: Found that KB2835627 at least allows to force-restart after three days. So, if patching happened on Wednesday at 3am, reboot will happen on Saturday at 3am (right during the weekend backup). This is far from a solution.

    • Edited by svhelden Thursday, July 11, 2013 4:18 AM added KB2835627
    Wednesday, July 10, 2013 1:34 PM
  • So .. at least on our file server, I'll let the following batch file run every Wednesday and Thursday morning:

    reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" | find "RebootRequired"
    if not errorlevel 1 shutdown /r /t 10
    This way, the server will restart if there are updates requiring a reboot. BEFORE the weekend backup.


    Thursday, July 11, 2013 4:46 AM
  • I'm joining the train of complainers...

    Besides the issues mentioned here, there's also the fact that Windows 2012 servers now don't get listed in the WSUS DB as needing to be restarted, when they actually need to.


    Tiago Viana, MCITP:SA

    Thursday, July 11, 2013 5:04 PM
  • Um grande comboio de reclamações!!! (A huge train of complaints!!!)
    Friday, July 12, 2013 2:32 PM
  • The first thing that I don't understand is why Auto Download and notify for install was suppressed.

    It's astonishing! Who were the people that doesn't want it in Windows 8 or 2012?

    Now how can I install an update on a workstation or a server when anybody is using it?

    The workstation in the night is powered off and the server is making a backup or is backed up by another...

    Somebody has a sensate answer?

    Tuesday, July 16, 2013 1:27 PM
  • Lucab1,

    I can understand why Microsoft changed the behavior on Windows 8. If you look at the research MS did on updates for Windows 7 release dates and gap between install dates from users, you would understand. I can't remember the URL of the white paper but it explains somehow what they want (I'll post the URL if I can find it again).

    I think the major questions about this new policy/philosophy are:

    1. Why maintain this behavior on corporate machines (servers/workstations) managed by WSUS;
    2. Why adding this "feature" to Windows Server 2012.

    The issues you've mentioned - workstations being powered off or servers in use - can be overcome. Workstations can be powered on for updates, using WOL, and powered off again after they are done. I do that for all my workstations.

    For the servers, during the day (working hours) the backup servers are not doing backup; so they can be patched/updated. For the other servers backup of their data doesn't take all night long, you just have to find a maintenance window and schedule things.

    Tuesday, July 16, 2013 1:53 PM
  • I have also noticed in my factory that some people does not apply updates. But now the problem for me is more complicated...

    The updates are installed also on machine used from people that works by night or different shifts....

    How many policy now I have to schedule?


    • Edited by Lucab1 Tuesday, July 16, 2013 2:47 PM gggh
    Tuesday, July 16, 2013 2:46 PM

  • You should use the option "Computer Configuration>Administrator Templates >Windows Component >Windows updates -> NO auto restart with logged on user for schedule automatic installations-Enable." to prevent the reboot after update installations when users are logged on.
    Tuesday, July 16, 2013 3:25 PM
  • Finally i've scheduled the updates with different policies and i'm collecting the results.

    The first one is astonishing.

    After installing all the critical updates , my mapped network drive via login script are disappeared

    And now?

    Wednesday, July 17, 2013 6:30 AM
  • This is unbelievably unacceptable.  Microsoft needs to wake up and realize that it's OK to treat home users like idiots, but don't treat administrators that way.

    This "feature" is almost as dumb as forcing the Start Screen on a computer with a keyboard and mouse and giving no choice whatsoever to go back to the Start Menu.

    Wednesday, August 14, 2013 1:57 PM
  • To answer to the original question,
    installing once a week (e.g. Sunday 03:00 AM):

    1. Set the Windows Maintenance period to 03:00 AM (every day).
        Set Windows Update to download and install automatically
    2. Turn off and disable Windows Update service:

         sc stop wuauserv
         ping 127.0.0.1 -n 60 >nul
         sc config wuauserv start= disabled

    3. Turn on wuauserv only on Sundays, before the maintenance period,
        e.g. Sunday 01:00 AM (this can be a scheduled task):

        sc config wuauserv start= demand
        sc start wuauserv
    

        This will download the updates but not start installing
        until 03:00 (the beginning of the maintenance period)

    4. When the installation is done, if restart is required,
       Windows Update will write to the System event log: EventID 21 or 22,
       Provider="Microsoft-Windows-WindowsUpdateClient"
       (see http://technet.microsoft.com/en-us/library/dd349741.aspx)
       You can have TaskScheduler trigger a task on this event
       (custom XML trigger). The triggered command is simply:

         shutdown /g /t 60 /d p:2:18 /c "restart due to windows update"
    

       Alternatively, you can schedule the following batch at fixed time,
       e.g. Sunday 03:35 AM (because installation usually completes in 35mins):

         REM Examine if there's a Restart Required event within 7days:
         set Q="/q:*[(System/EventID='22' or System/EventID='21') and System/Provider[@Name='Microsoft-Windows-WindowsUpdateClient'] and System/TimeCreated[timediff(@SystemTime) <= 604800000]]"
         wevtutil qe system %Q% /f:xml | find "Event" >nul || goto :eof
         ...restart the computer...
    

       (The detection method suggested by svhelden did not work for me)

    5. Turn off and disable wuauserv at Sunday 04:00 AM (-> step2)
        This prevents installations occurring in the maintenance periods of other days.

    I tested these on Windows Server 2012.

    Friday, September 13, 2013 4:47 PM
  • I'm also joining the train of complainers...

    We've Windows 2012 at time on test level.

    We wont bring them to production state before this issue ist resolved by MS

    Hans - Jeorg (Yogi) Weber, IFW;LUH

    Wednesday, September 18, 2013 2:23 PM
  • Haven't installed it yet, but it looks like Microsoft has finally fixed this issue:

    http://support.microsoft.com/kb/2885694

    • Proposed as answer by gwin99 Wednesday, November 06, 2013 3:19 PM
    Wednesday, October 09, 2013 3:59 PM
  • Finally!
    Wednesday, October 09, 2013 4:25 PM
  • yes, here is some more info from MS support team. See new fixes documented in MSKB 2885684 and distributed in cumulative rollup KB 2883201.

    More Details can be found in

    http://blogs.technet.com/b/wsus/archive/2013/10/08/enabling-a-more-predictable-windows-update-experience-for-windows-8-and-windows-server-2012-kb-2885694.aspx

    Windows 8.1 + WS 2012 R2 RTM also contain this update.

    Thanks,

    Justin [MSFT]

    Wednesday, October 09, 2013 4:40 PM
  • Finally they have eared us!!!! Now lets see if there isn't any hidden features...
    Wednesday, October 09, 2013 5:59 PM
  • Seems they do have ears. Thats commendable but my worry is that something is happening with whats between them.  I wonder who is that idiot(s) who decided that a tablet is a great model for server OS to be based on? I dont care whats OS is called, I just need something that allows me efficiently manage network and run business. For years Windows was fulfilling this role better than any other OS due to simplicity and efficient design. But starting right after Win2003, despite some innovations (based on old ideas, anyway) it looks like MS products become less and less convenient to use, show more sloppiness in development and less thoroughness in design and implementation. It may or may not be significant that this shift started at about the same time when the whole development was moved abroad and company leadership was transferred to a current CEO, Im fine with products that are 'Made in India' or 'Pakistan', but not when they become an obstacle to overcome instead of a tool helping to avoid them. Right now, with win8 and particularly 2012 it seems we reached the point that even I, who always was resisting using Linux or Macintosh in corporate environment,  start thinking that running those are no longer much more cumbersome than new Windows platform. If MS idea is to design consumer product to compete with Apple gadgets, good luck with that - they only sure thing in my opinion is that MS will start loosing corporate customers. Im about to become such. After working with some of the 2012 products (Win, Exchange, SQL) I feel Im getting really upset. Sure you can tell.
    Tuesday, October 15, 2013 3:38 AM
  • Seems they do have ears. Thats commendable but my worry is that something is happening with whats between them.  I wonder who is that idiot(s) who decided that a tablet is a great model for server OS to be based on? I dont care whats OS is called, I just need something that allows me efficiently manage network and run business. For years Windows was fulfilling this role better than any other OS due to simplicity and efficient design. But starting right after Win2003, despite some innovations (based on old ideas, anyway) it looks like MS products become less and less convenient to use, show more sloppiness in development and less thoroughness in design and implementation. It may or may not be significant that this shift started at about the same time when the whole development was moved abroad and company leadership was transferred to a current CEO, Im fine with products that are 'Made in India' or 'Pakistan', but not when they become an obstacle to overcome instead of a tool helping to avoid them. Right now, with win8 and particularly 2012 it seems we reached the point that even I, who always was resisting using Linux or Macintosh in corporate environment,  start thinking that running those are no longer much more cumbersome than new Windows platform. If MS idea is to design consumer product to compete with Apple gadgets, good luck with that - they only sure thing in my opinion is that MS will start loosing corporate customers. Im about to become such. After working with some of the 2012 products (Win, Exchange, SQL) I feel Im getting really upset. Sure you can tell.

    Not to mention the lovely powershell and fantastic KBs with no examples to show you what spells only a necromancer and suspender-wearing, shaggy bearded Linux guru would know.   No need to finish the gui interface which takes just a click of a mouse when you can type some inane script which "is more powerful".   Clicking a mouse is powerful - assembly language to run a simple task is primitive.

    Monday, June 23, 2014 6:00 AM