WHY WHY WHY! What were they thinking?
Sorry this post is a little ranty but wow this caught me unawares and I just cannot see the logic to the changes. If you want to fast forward to just fixing it scroll down to the section "How to fix"Official Resoning from MS about the changes can be found here: here
In the section: 'Automatic Maintenance and changes to restart behavior after updates are applied by Windows Update' - it states: "Because Windows Update is a part of Automatic Maintenance in Windows 8 and Windows Server 2012, its own internal schedule for setting a day and time to install updates is no longer effective" So the GPO which worked fine on Windows Server 2000, 2003 and 2008 suddenly does NOT control when your updates and subsequent reboots are installed in Windows 8 clients or Server 2012. So how do you get back control of when your server reboots for updates? You need to configure the ""automatic maintenance" feature - of course, because consistency is boring. To configure this via GPO instructions are available here: http://blogs.technet.com/b/wsus/archive/2013/10/08/enabling-a-more-predictable-windows-update-experience-for-windows-8-and-windows-server-2012-kb-2885694.aspx in a KB Article entitled Enabling a more predictable Windows Update experience for Windows 8 and Windows Server 2012 My question is whose grand idea was it to have a less predicatable Windows Update experience in the first place. *sigh* Microsoft went some way to fixing the issue with KB2885694 which now means 2012 will at least acknowledge your GPO auto update settings but will still insist on doing a restart 3 days after the updates have been installed, which means an update might get installed at 4pm on Sunday will result in a reboot of a production server at 4pm on Wednesday. To prevent that - enable the "Always automatically restart at the sceduled time policy" which is shown in the example configuration about halfway down the "more predicatble windows update experience" page linked to above but for my scenario and recommended config (note unless using Server 2012 domain you will need to install the Server 2012 ADMX templates which are available here: http://www.microsoft.com/en-gb/download/details.aspx?id=36991 yet when I tried that - even with the admx templates installed I just could not find the Always automatically restart at the scheduled time policy, even in all policies view... sigh Rant Over!
How to fix it
Basically we need to apply the usual GPO updates policy used for your 2003, 2008 servers but in addition create the following key in the GPO (and just target it at server 2012 servers):- Registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
- Value: AlwaysAutoRebootAtScheduledTime
- Type: REG_DWORD
- Value data: 0 (default value) or 1 (force a restart)
Create a new GPO and drill down through Computer Config > Preferences > Windows Settings > Registy
Right-Click the Registry items and click New > Registry item
Add the above registry information into the key
Apply to your Windows Server 2012 servers and we are done! Normal update behaviour should be resumed. YAY!
No comments:
Post a Comment