There is a lot of information there.
- Update 1 is the new baseline for all updates going forward.
- Meaning, no more updates to that OS if the bits are earlier than 8.1 U1 or 2012 R2 U1.
- Update 1 breaks SSL communications between endpoints and WSUS
We just stood up a new cluster on 2012 R2. After our Cluster-Aware Update run:
Our cluster nodes now have the update. Since this cluster setup is Greenfield with WSUS ultimately ending up _on_ the cluster the nodes were updated via Microsoft Update.
The workaround for this situation is to enable TLS 1.2 as instructed in the above blog post. Since we are deploying Windows Server 2012 R2 into client sites we will have no choice but to make this change.
Then, when Microsoft releases an update to the update to hopefully fix the problem we will need to test that update extensively _especially_ in a cluster setting!
Yo Microsoft! There is a huge pool of folks willing to test and break this stuff for you! Please get us involved in the early bits for operating systems, applications, and updates again. This ongoing situation of releasing patches and updates to the public without testing them on disparate systems is a _bad_ thing. :(
EDIT: Updated the Gladiator link since between Live Writer and Blogger it got mangled.
Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business
If you are using 2012 R2 servers, you don't have this problem:
ReplyDelete"Note If you are using the WSUS Server Role on Windows Server 2012 or Windows Server 2012 R2 to manage Windows 8.1 or Windows Server 2012 R2-based devices, you are not affected by this problem."
Where this would be a very serious problem is if you are in a pre-2008 R2 environment, because there is no ability to be turn on TLS 1.2 to fix WSUS communication.
TLS 1.2 is the newest and most secure communication protocol for HTTPS. You WANT to be using this if your environment supports it (ref: http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).