Server 2012 and Windows Update Schedule - only option is daily installation?
-
Saturday, December 15, 2012 1:05 PM
Hi all
How to configure Windows Update on Server 2012 to install updates once a week?
I've assigned a GPO with WSUS-Settings for installation once a week, which is working on Server 2008 R2 and earlier versions.
But on Server 2012 it won't be applied correctly because under "Automatic Maintenance" in the "Action Center" area in the Control Panel there is only one option to choose which is daily installation.
How to change the update frequency to weekly? I've not found any option within GPO or GUI.
Thanks.
querdm
All Replies
-
Monday, December 17, 2012 7:53 AMModerator
Hi,
You can't change the setting using UI anymore.But the GPO is still applied.Since it is a WSUS client,pls refer to the policy "configure automatic updates" to define to install updates once a week.
regards,Clarence
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Monday, December 17, 2012 8:15 PM
Hi Clarence
It is a WSUS Client, I have applied the GPO with config to install updates on Thursday.
But updates will still be installed every day, on the selected time within "Automatic Maintenance".
The GPO does not change or overwrite that, I mean the GPO has no precedence.
So I'm not able to let the updates be installed once a week anymore?
Thank you.
querdm
-
Tuesday, December 18, 2012 7:03 AMModeratorHi,
I don't think so.The GPO should take the precedence over the UI.How did you get updates installed every day?To test,Pls try to config to install updates on Thursday, and then approve for a update on friday to see whether it will be installed.
Also,in the action center,you can turn off the automatic maintenance to test whether it works.
regards,Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Tuesday, December 18, 2012 12:40 PM
Hi,
I did a test and applied a GPO with install updates on Thursday 23:00.
There was an update for this server which was installed on Wednesday 15:00 like configured in the "Automatic Maintenance".
So the update was installed on Wednesday and not un Thursday 23:00.
The GPO does not take the precedence but it was applied correctly as I can see by registry-keys and gpresult. What is going wrong there?
Thank you.
qwerdm
-
Thursday, December 20, 2012 10:33 AM
Hi,
I did another Test today. New Server 2012,
1. WSUS GPO applied with installation on Thursday 22:00, checked by regedit and GUI
2. server restarted
3. Updates approved for installation, checked in GUI of Server
4. Checked and adjusted Automatic Maintenance Hour to 09:00.
5. Logoff and wait until 09:00
6. Logon at 11:00, look at Update history
RESULT: both updates have been installed at 09:00
Is there anything wrong?
Any help would be appreciated, thank you.
regards, dom
-
Friday, December 21, 2012 10:55 AM
Has anyone tested this so far?
Any help would be appreciated, thank you.
regards, dom
-
Thursday, January 03, 2013 8:09 PMAny updates? I'm experiencing the same thing. GP correctly applies automatic update settings to install every Sunday during our maintenance window, but the Server still installs updates and reboots daily at 3am during it's maintenance window. I need to be able to change this to weekly. A daily maintenance window in ridiculous.
-
Friday, January 04, 2013 2:34 PM
We have about 45 Servers with mixed Versions Server 2003 and 2008R2. The GPO for getting WSUS-Updates is over five years old installs the updates on sunday night with an reboot. Now we have four Servers 2012 with the same GPO applied. These Servers are installing and rebooting daily at 3am during the maintanence window. These setting cannot be changed in the policy or UI.
The next fact about updating Server 2012 is, that if you install updates manually on weekdays and the user logs off, the server reboots itself without warning. These setting cannot be changed. Older Server Versions are not rebooting itself and can be controlled trough policy.
-
Tuesday, January 08, 2013 12:33 PMSimilar problem here.
- Proposed As Answer by Catalin MagherMicrosoft Employee Monday, January 21, 2013 9:56 AM
- Unproposed As Answer by Catalin MagherMicrosoft Employee Monday, January 21, 2013 9:56 AM
-
Monday, January 21, 2013 10:18 AM
As a WorkAround I would suggest to change the interval for the Automatic Maintenance in the Task Scheduler - Task Scheduler Library - Microsoft - Windows - TaskScheduler -> in the properties of Regular Maintenance Task, under the Triggers Tab you can check and edit the Settings.
Notice that the changes may not be displayed in the Action Center - Automatic Maintenance Settings- Proposed As Answer by Catalin MagherMicrosoft Employee Tuesday, January 22, 2013 11:27 AM
-
Monday, January 21, 2013 2:41 PM
Try to set the GPO-Configuration from a Microsoft Windows Server 2012 RSAT Snap-In.
I've tested it and so far it seems to work like a charm.
My HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
AUOptions : 4
NoAutoUpdate : 0
ScheduledInstallDay : 2
ScheduledInstallTime : 7
-
Tuesday, January 29, 2013 11:18 AM
These settings are applied through the existing Policy on Server 2012.
The Policy Settings (ADMX) haven't changed since Server 2008.
So what is the difference to a new GPO with 2012 RSAT?
If i look at Catalin Magher post it might be a solution to disable the Maintenance Task.
What Jobs does the Maintenance Task in TasKScheduler exactly run?
If the Job is active in TasKScheduler and not controlled through registry like the WSUS settings,
how should WindowsUpdate know which one is the preferred setting? -
Saturday, February 02, 2013 10:32 PM
We are having the same Problem.
20 Servers have restarted at the same time which has resulted in a total failure of our entire environment. Why having server redundancy when they update at the same day??
A few weeks ago, i connected to a disconnected remote session on a server and got the message... restartin in 15 minutes....
Without the ability to stop this, the server has done a restart during main working time which results in a downtime of over 1 hour of our entire company. The same thing happened 5 times, then we disabled automatic updates.
The only option for us was to disable automatic updates on all servers AND Workstations because of the forced restart.
This is absolutely horrible !!! No way to use automatic updates this way !!
On Server 2008 R2.. It was possible to define a weekday for installing updates and by GPO, it was possible to force the restart even when a user has a disconnected rdp session or is just logged in without actually using the Workstation oder Server. But Windows 2012 waits until the user which is logged in is using the server or workstation again and then displays the 15 minute countdown which us usually is during worktime... so the server or workstation restarts during worktime which is absolutely not acceptable..- Edited by Andreas Pross Saturday, February 02, 2013 10:43 PM added information
-
Saturday, February 02, 2013 10:45 PM
After a reboot, the settings where restored to the daily values again. Not sure if this is due to a setting in GPO.As a WorkAround I would suggest to change the interval for the Automatic Maintenance in the Task Scheduler - Task Scheduler Library - Microsoft - Windows - TaskScheduler -> in the properties of Regular Maintenance Task, under the Triggers Tab you can check and edit the Settings.
Notice that the changes may not be displayed in the Action Center - Automatic Maintenance Settings -
Tuesday, February 19, 2013 2:50 AM
Has anyone figured out a solution other than disable auto updates? This is driving me bonkers.We are having the same Problem.
20 Servers have restarted at the same time which has resulted in a total failure of our entire environment. Why having server redundancy when they update at the same day??
A few weeks ago, i connected to a disconnected remote session on a server and got the message... restartin in 15 minutes....
Without the ability to stop this, the server has done a restart during main working time which results in a downtime of over 1 hour of our entire company. The same thing happened 5 times, then we disabled automatic updates.
The only option for us was to disable automatic updates on all servers AND Workstations because of the forced restart.
This is absolutely horrible !!! No way to use automatic updates this way !!
On Server 2008 R2.. It was possible to define a weekday for installing updates and by GPO, it was possible to force the restart even when a user has a disconnected rdp session or is just logged in without actually using the Workstation oder Server. But Windows 2012 waits until the user which is logged in is using the server or workstation again and then displays the 15 minute countdown which us usually is during worktime... so the server or workstation restarts during worktime which is absolutely not acceptable.. -
Tuesday, February 19, 2013 7:19 PMI too would like to know of an answer. I can't believe something this simple was overlooked by Microsoft. I have deployed 13 Virtual Servers in Production running Windows Server 2012 that reboot during business hours when we login...
-
Friday, February 22, 2013 2:28 PM
We've just come across this problem after last week's updates and it appears that a number of the policies in the Windows Update section of GPO are ignored by Win8/WS2012 with the most critical being 'Configure Automatic Updates'. After much re-jigging of GPOs, WSUS, WU service etc, it became apparent that the Automatic Maintenance time in the Action Center was overriding the GPO so, using GPMC with the Win8/WS2012 admx files, I managed to find the policy for the Maintenance Scheduler then, back in Windows Update | Configure Automatic Updates I got confirmation of this in the Help section for option 4:
***********************************************
On Windows 8 and Windows RT: The option for specifying schedule in the Group Policy Setting has no effect. The scheduling option can be specified in Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler->Maintenance Activation Boundary. If no schedule is specified, the default schedule for all installations will be during the default maintenance window at 3 AM. If any security updates require a restart to complete the installation, Windows will restart the computer automatically after notifying the user about an upcoming auto restart for a period of time. If a user is signed in to the computer and there is a potential of loss of state or data when Windows is ready to restart, the restart will be delayed to the next time the user unlocks the computer.
***********************************************
However, whilst the time can be set it doesn't look like the day can be, unless there's something that can be done with Activation Boundary value, which defaults to '2000-01-01T03:00:00', or with the scheduled task - which is named 'Regular Maintenance' in Task Scheduler!!
On a similar thread - http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/ad04706a-77e7-43e2-a2d7-935f999a447a - it's mentioned that it might be more controllable through SCCM which we don't have at the moment, although we are likely to deploy for SC Endpoint Protection however this is a far from perfect solution.
As for the problem of servers not rebooting if someone is logged in, I suspect this could be mitigated by enforcing a timeout for logins but wtf???
So, it looks like a feature introduced to help Win8 users is doing the absolute opposite for WS2012 admins.
-
Tuesday, March 12, 2013 6:19 PM
Currently, we are trying to use the feature "Clusterfähiges Aktualisieren" I don,t know the english name but it could something like "cluster aware update".
This feature is available as soon as the clusterservice is installed and the server has joined a cluster. Our plan is to assign all servers which aren't used in a cluster at the moment to a new cluster just to be able to use the update feature. I don't know if a cluster has some side effects but if not, we can use the "Clusterfähiges Aktualisieren" feature which allows to define Day and time and it updates one server after the other and ensures that only one server is updating at time.
- Edited by Andreas Pross Tuesday, March 12, 2013 6:21 PM
-
Saturday, April 06, 2013 7:23 PM
Everyone stopped posting to this thread for a few weeks now.
What is going on with this? So, automatic update schedules cannot be managed on Windows 8 and Server 2012?
Sounds like something that still needs to be fixed.
-
Sunday, April 07, 2013 7:57 AMAll is controlled by Maintenance window settings in GPO (Maintenance Scheduler), this is logical.
-
Sunday, April 07, 2013 8:28 AM
Inspired by some VBScripts and the "Cluster Aware Update", I wrote my own .Net Application to perform Windows Updates.
It's really simple. The app runs every 5 minute by Task-Scheduler. It checks for the configuration file in a shared Network Location, where I can set my schedule to a specific Day or multiple days. While one Server is updating, the Status is written to the shared Folder and the other Servers are waiting until the first one has completed updates. Ant that's what I wanted. The Servers can do Windows update on saturday and sunday, one Server at a time.
I also added the ability to use Powershell to delay the Update. For example, you can create a Powershell Script which returns the Status of Windows Backup or in my case DPM 2012 Job Status. If a Job is running, Windows update is delayed until the Job has completed.
Currently there is no GUI for my app. Everything is controlled by XML Files. If someone is interested, I will create a GUI
-
Sunday, April 07, 2013 4:36 PM
All is controlled by Maintenance window settings in GPO (Maintenance Scheduler), this is logical.
Not really. Others here have stated that you cannot specify specific days of the week for the maintenance window to run.
The Windows updating looks totally out of control for both Server 2012 and Windows 8 unless you disable automatic updates and do it all manually.
-
Sunday, April 07, 2013 5:54 PM
I too would like to know of an answer. I can't believe something this simple was overlooked by Microsoft. I have deployed 13 Virtual Servers in Production running Windows Server 2012 that reboot during business hours when we login...
I can't believe this either and I'm surprised this did not come up as an issue during beta testing.
Why did they remove the ability to use group policy to schedule updates to automatically install only on a specified day of the week? How does this benefit anyone?
Many organizations stage scheduling of updates/reboots for a consistent pre-planned day of the week even for workstations and especially for servers.
The automatic maintenance set up only lets you specify a time of day, but not day of the week. Red flags should have have been seen by whoever implemented/approved this inflexible design.
"Run maintenance tasks daily at:"
What??!
-
Monday, April 08, 2013 1:04 PM
Agreed. Who was the genius that thought, "Hey, lets have our server's force-update everyday! And only allow the system admins - who already control everything else about the server via GPO - to pick a time for this."
And what about that forced-reboot, aye? Now that's genius right out of the bottle. "Oh, and lets give a warning of 3 days that the computer needs to be rebooted - then kick the box if they haven't done it. Oh, and if they login, with in that time and continue to ignore the message - kick it anyways!" Flawless logic.
This is another showing of how MS has fell out of touch with reality. This "change" forces us to invest more energy and time for a STEP BACKWARDS. We in IT love change that brings better options or innovation - and look at it as a slight inconvenience (if that). But this Sir, is a disruption with no benefit.
-
Monday, April 08, 2013 2:16 PM
As long as there is no solution from Microsoft available, I will use my own app to control the update behaviour. Maybe someone else will find it useful too:
-
Monday, April 08, 2013 3:25 PM
Hey guys,
Just an FYI, I have a case open with MS about this very issue. I agree that it's pretty idiotic behavior, and it's clear to me that the Windows 8 devs need to be kept as far away from Server 2012 as possible. I'll post the results of this case as I very much feel this is a bug that needs to be patched (after all, if you can't rely on GPO to manage your environment's policy, what the heck can you rely upon?!).
Cheers,
-Russ
-
Monday, April 08, 2013 3:28 PM
All is controlled by Maintenance window settings in GPO (Maintenance Scheduler), this is logical.
This is not true. Server 2012 does not honor the maintenance window settings in GPO and reboots according to the schedule set locally on the server. It should be controlled by GPO, but Server 2012 pretty much ignores the policy. -
Wednesday, April 10, 2013 11:25 AM
Hi Russ,
Hope you are doing Great.
Have you got any solution for the above issue as the window2012 ignoring the GPO and taking default maintence windows time to reboot .
if you have, please help me with this as we are having lot of 2012 severs in the environment which depends on WSUS for patchs and now effecting with policy bug,
Thanks in Advance
Vinu
-
Wednesday, April 10, 2013 3:12 PM
All,
I spoke with a support manager yesterday and MS is aware of this issue. They submitted a DCR (design change request) to get this fixed, but since this was a "feature" change in 2012, everyone needs to call MS and open a ticket about this. Do not just post on this forum, as it sounds like the thing that would get real movement is to have more customers open tickets, especially if they are Premier customers. I got the real impression that MS doesn't really give a crap, even if you spend a million dollars with them every three years on a big EA, unless you pay extra to get Premier support. So please give MS a call and make as big a stink as you can, or this probably won't get fixed.
For what it's worth, the manager I spoke to felt it was a bug as well, and agreed that it was a massively stupid oversight on the devs' part.
You all are welcome to reference my company's support ticket number, 113040410340282, when opening your own ticket. Here is the text from the last response I received from MS:
Hello Russ, Thanks for your time over the phone As discussed Issue is because in GPO Automatic Maintenance Activation Boundary Group Policy we have an option to define only Time and NOT Install Day, Additionally if we choose Automatic Updates in control panel to select a configuration option we can choose time but NOT day as a result updates will be installed daily and I acknowledge that I was able to Reproduce this Issue in my lab for Windows 8 and Windows 2012 Similar Issue has been discussed at below mentioned Forum http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/9714c384-ffed-4561-8349-32fd1dace9f9/ http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/ad04706a-77e7-43e2-a2d7-935f999a447a http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/49671250-090a-454e-897d-2c450415e7a5 Question Are your servers really rebooting every day? Or is it just that the particular days that the machines reboot are not convenient? Possible Workaround for now One thing you could do is delay approving updates in WSUS, and/or setting a deployment deadline when you approve them. For example, security updates normally appear on MU on Tuesday, so with the 3-day reboot timeout for security updates, Win8 machines end up rebooting as soon as Friday, or sometimes Saturday. If you delay security update approval until Wednesday, then the reboot will occur on Saturday most of the time, or maybe Sunday. Alternatively, wait until Saturday to approve security updates, but set an install deadline WAY back in the past. The deadline overrides the 3-day timer so as soon as the updates are detected on Saturday, they install and reboot. In a Nutshell workaround the issue by holding off on update approvals and approving updates only when you want them to be installed. Another Workaround If you would like installs to happen at a specific time, then you can set AUOptions to 3 (using “Configure automatic Updates” policy) and use your own scheduled task to trigger the installs. I will discuss this with Product Group and if required will file a DCR(Design Change Request) , I cannot say when this Issue will be fixed but I will pass the feedback to product Group to get this Issue fixed ASAP. Note-As discussed if possible open a Premier Case for same issue Again appreciate your time and patience! Regards, Shobhit Garg Email:Shobhit.Garg@Microsoft.com UK +44 (020) 7365 2380 Ext 54077 | US: +1 866 425 7701 Ext 87677 | India: +91 66587677
Cheers,
-Russ
- Edited by russlegear Wednesday, April 10, 2013 3:23 PM
-
Wednesday, April 10, 2013 3:59 PM
Hi Russ,
Thanks for your quick response.Let me have a look with MS.
Thanks
Vinu -
Wednesday, April 10, 2013 8:42 PM
That's good to know. I guess Microsoft needs to do a better beta program.
This should have been discovered before final release. It's not as if this is some very obscure issue that only would affect 1% of users.
-
Thursday, April 11, 2013 12:55 PM
Hi All.
We have the solution for the issue were windows 2012 server restarts while user logged in after patching or time of automatic update schedule installation and reboot can’t be controlled by the GPO.
To Make this success in windows 2012 please follow the below change in GP.
Case 1:Window 2012 reboots after patching while user logged in.
Solution: Run>Gpmc.msc>computer configuration>administrator templates >windows component >Windows updates
NO auto restart with logged on user for schedule automatic installations-Enable.
Result: This will stop reboot of windows 2012 while user login after patching.
Case 2:To override the default maintenance window at 3 AM by GP schedule installation time.
Solution :To effect GP schedule installation time and reboot in windows 2012 &windows 8 .We have to do the below change in GP.
Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler->Maintenance Activation Boundary
Note:Please remember that after the update you should manage group policies from a Windows 8 or Server 2012 workstation.
To see the above group policy templates you should update your ADMX and ADML files in your PolicyDefinitions folder in SYSVOL
To update follow this guide: blogs.technet.com/b/craigf/archive/2012/08/28/upgrading-the-admx-central-store-files-from-windows-7-2008r2-to-windows-8-2012.as
Result :This will take the schedule installation time as per the GP and no more it will reboot during default maintenance window at 3 AM.
Good Luck GuyZZZZ...
Thanks
Vinu
- Proposed As Answer by Vinu Karthika Thursday, April 11, 2013 12:55 PM
-
Thursday, April 11, 2013 1:24 PM
Hi All.
We have the solution for the issue were windows 2012 server restarts while user logged in after patching or time of automatic update schedule installation and reboot can’t be controlled by the GPO.
To Make this success in windows 2012 please follow the below change in GP.
Case 1:Window 2012 reboots after patching while user logged in.
Solution: Run>Gpmc.msc>computer configuration>administrator templates >windows component >Windows updates
NO auto restart with logged on user for schedule automatic installations-Enable.
Result: This will stop reboot of windows 2012 while user login after patching.
Case 2:To override the default maintenance window at 3 AM by GP schedule installation time.
Solution :To effect GP schedule installation time and reboot in windows 2012 &windows 8 .We have to do the below change in GP.
Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler->Maintenance Activation Boundary
Note:Please remember that after the update you should manage group policies from a Windows 8 or Server 2012 workstation.
To see the above group policy templates you should update your ADMX and ADML files in your PolicyDefinitions folder in SYSVOL
To update follow this guide: blogs.technet.com/b/craigf/archive/2012/08/28/upgrading-the-admx-central-store-files-from-windows-7-2008r2-to-windows-8-2012.as
Result :This will take the schedule installation time as per the GP and no more it will reboot during default maintenance window at 3 AM.
Good Luck GuyZZZZ...
Thanks
Vinu
That does not solve the problem because the server would still reboot if there is no user logged in.
It also does not solve the problem of scheduling installation for specific days of the week rather than only set the time of day. Many or probably most businesses will want to install updates on a schedule of specific days of the week, not every day regardless of time.
The only workaround that looks reliable is to not approve updates until the day you want them installed and then install them with a script that day, but that is a lot of extra labor that would not be needed if Microsoft had not messed up the automatic updates process for Server 2012.
I also don't see any policy settings that allow you to completely disable the automatic maintenance either. All it does is allow you to set a time of day, but it will continue to run every day.
-
Thursday, April 11, 2013 1:25 PMThe viable solution for me - is one where I can control the day of the week. And right now - we don't have that here.
-
Monday, April 15, 2013 5:41 PM
The viable solution for me - is one where I can control the day of the week. And right now - we don't have that here.
Agreed. We need to be able to control the day or this is a downgrade. No admin wants to wait until the day before to approve updates just because MS took away our control of when updates are applied. -
Wednesday, April 24, 2013 7:48 PMI just want to add my complaint here as well. I control patching for about 1,000 servers for a hospital and they have to reboot during a 1 hour maintenance window once a month. WSUS works quite well for that, but the design "enhancement" could be that Microsoft wants to force us to use System Center Configuration Manager and pay for licenses to have our servers reboot at a certain time. Does anyone know if System Center allows for an update install and reboot at a certain time?
-
Wednesday, May 22, 2013 6:51 PMJust adding my name to the list of folks inconvenienced with this issue - production servers rebooting in the middle of the day after being logged onto and getting the 15 minute warning with no way to postpone. MAJOR step backward - Server 2008 worked fine. This is unacceptable.
.png)
