Re: sms 2003 patch management is brutal!

From: Kim Oppalfens (kim_at_computacenter.nospam)
Date: 11/10/04 

Date: Wed, 10 Nov 2004 20:10:19 +0100

inline

> I just started to play with patch management. I created an
> advertisement for the latest IE cumulative update (834707) using the
> Software Update Wizard. I then targeted it at my 'servers' collection.
> In the options I told it to defer rebooting for servers.
>
> Here's my experience with it:
>
> - The program ran on servers that already had the patch installed
> previously (isn't that the point of the scan tool, to determine what
> patches are needed?)
Yes, it is, are you sure the patch was installed and active? That means
was the machine rebooted after the patch if needed? If a patch that
requires a reboot is installed without rebooting the patch isn't really
alive and the scan tool will report it as such. By consequence the patch
will reinstall.

> - Despite telling it to not reboot the servers, lo and behold all the
> servers tell me they are rebooting and gave me the countdown timer
How did you tell it not to reboot the servers? I assume in the
distribute software updates wizard. Did you also use the suppress reboot
switch on the patch? The wizard actually waits for the result of every
patch you install if you suppress the reboot in the patch it will write
to a log file that the reboot was suppressed. Once all patches have
installed the wizard will check the log file and verify whether any
reboots were suppressed. If so, the wizard tool might trigger a reboot,
unless you suppress that reboot during the wizard.

> - There's absolutely no logging in Event Viewer on the clients to say
> that the patch was installed
Not really an sms issue, this is something that the patches should take
care of if we want that. Sms does generate a log file called
patchinstall.log and registers in wmi.

>
> I think I'll stick with SUS........it's free, it's intuitive in
> comparison, and it works as it's designed.
I agree with all your observations on SUS, just want to add that sms
works as designed as well.

I think Microsoft is well aware of the not so intuitive way sms patch
management works.
>
> J.
> 

-- 
Kim Oppalfens
Proud father of Lennart Oppalfens 
Since 05/11/2004 08.53 GMT+1

Relevant Pages

  • Re: sms 2003 patch management is brutal!
    ... The sync host is only selected once, during installation of the scan tool. ... You don't re-select it when running the Distribute Software Updates Wizard. ... SMS patch management is ... >>> requires a reboot is installed without rebooting the patch isn't really ...
    (microsoft.public.sms.admin)
  • Re: sms 2003 patch management is brutal!
    ... SMS client computer to run this taks. ... >> You don't re-select it when running the Distribute Software Updates>> Wizard. ... SMS patch management is>>>> extremely ... >>>>> requires a reboot is installed without rebooting the patch isn't ...
    (microsoft.public.sms.admin)
  • Re: KB917537 Failing
    ... I honestly hand patch servers... ... Windows Server 2003 Hotfix KB917537 installation failed. ... The consensus among the MVPs is that SBS'ers should reboot after patch ...
    (microsoft.public.windows.server.sbs)
  • Re: sms 2003 patch management is brutal!
    ... I am actually going thru implementing Patch Mgmt myself and I am running into ... gives me that option in the wizard. ... >> requires a reboot is installed without rebooting the patch isn't really ... Did you also use the suppress reboot ...
    (microsoft.public.sms.admin)
  • Windows 2003 clustering for file serving.
    ... Two file servers powered on at the same time. ... If one has a failure, if I need to patch it and reboot, or if I need ... "...If one of the nodes in a cluster becomes unavailable as a result ...
    (microsoft.public.windows.server.clustering)