Thursday 13 October 2011

Patching SBS 2008 and SBS 2011

We are noticing that some of the recent updates are requiring several auto reboots of the server along with a seemingly long hang at a blank or green screen.

In our Setup Guide at step 24 as of this writing we outline how we go about patching our SBS servers:

    • Update to the latest SBS Update Rollup first.
    • Run updates according to the following product groups:
    • Windows Server 2008 Standard R2
      • Run OS Updates at around 10-15 per reboot cycle.
      • Run OS Security Updates at around 5-10 per reboot cycle.
    • Exchange SP1/2/3 or Exchange Rollup RU1/2/3/etc 
    • .NET
      • If .NET v1 is present update first.
      • Do .NET v2 and v2.x updates one at a time.
      • Do .NET v3 and v3.x updates one at a time.
      • Do .NET v4 and v4.x updates one at a time.
      • Reboot between each cycle as requested.
    • SQL
      • Start with 2005 versions.
      • Next to 2008 versions.
      • Next to 2008 R2 versions.
    • SharePoint Foundation, WSUS, and others.

One of the things to be mindful of is which updates are selected when opening the Windows Update console for the first time. We are seeing that while most updates are selected by default some _are not_.

Why are they not selected?

To hazard a guess probably because there are patches that need to be in place prior to their being applied.

So, take note of any patches not selected and run them last.

We follow the above patching guideline religiously. For a server that may have 20, 30, or more patches waiting our method could mean tacking on an extra hour or more of time to get that server up to date.

We balance the risk versus the reward. Would we prefer to spend some extra time running updates on the server or take even more time restoring the server from backup because something blew up?

And, in this case out of all the update runs we have done over the years we have only had one bad patching victim on SBS 2008. SharePoint service pack 1 killed the Companyweb on a newly installed server.

From what we understand .NET updates somehow compile themselves on the fly. This is one of the causes of a long update cycle. Note that we update .NET patches in family first and only two or three at a time!

On SBS 2011 note that there is an extra manual step for SharePoint Foundation updates!

image

Make sure to run that command afterwards.

The command:

  • PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

Remember to run a backup of the server before starting any updates (yes, in between too!) and be prepared to restore that server!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

No comments: