SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Patching Problems


Patching Problems

Author
Message
Steve Jones
Steve Jones
SSC Guru
SSC Guru (247K reputation)SSC Guru (247K reputation)SSC Guru (247K reputation)SSC Guru (247K reputation)SSC Guru (247K reputation)SSC Guru (247K reputation)SSC Guru (247K reputation)SSC Guru (247K reputation)

Group: Administrators
Points: 247701 Visits: 19802
Comments posted to this topic are about the item Patching Problems

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
thomas.seidel
thomas.seidel
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 3
Hello, I wanted to write how we do patching of Microsoft CU in Client Servers.

My Company sells small and big servers as part of an industrial systems. Most of those are running isolated from the internet, with a VPN just established for maintenance purposes in a small timely window. In some of them we are obliged per contract to keep the system up to date.

We found a packager program for Microsoft Updates (not SQL updates, which we apply manually by Service Packs only). This packager is published on wsusoffline.net and needs a master machine to collect and prepare a package. This package can be transferred (we use 7zip for packing the provided subdirectories, and transfer them by FTP or USB to the client servers). There you run it.

Benefits: If I prepare such a package, and I test it on some reference machines, the risk of a bad patch in the rollout to the one hundred other servers is lowered. If I would use Online Microsoft Update, I would have to control manually that no other than the tested patches are installed on this machine. In my case this is granted by using the identical package. 7Zip seems to be safe enough to grant this.

Another benefit: The installer of that packages comes with the option to automatically reboot and proceed any time this is required by the update progress. There is no delay like a message waiting for confirmation at the console (which is not seen by anybody, because the servers mostly have a remote access only). Whenever the Windows Update requires a reboot, the package installer will instantly follow it. This reduces the time I have to monitor the server personally. I just login near the end of the agreed downtime, check, disconnect, and proceed hopefully to the next server.

On our reference machines at the office I can easily control the completeness of the offline procedure by running online updates right afterwards, and to note down the discrepancies. Each of such must have a reason. After that I am done for this months and all my important servers are patched. All unimportant servers will be patched on demand only, like twice per year. The risk for such rare patches is acceptable to most clients because of the isolation from the internet.

I hope this is a helpful procedure for other organizations also.
TAS
Gary Varga
Gary Varga
SSC-Dedicated
SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)

Group: General Forum Members
Points: 38064 Visits: 6562
I think that SQL Server patches are just an example of a bigger issue that Microsoft appears to be attempting to resolve in a single way for all types of Windows OS installations. I am sure that they do this but they really need to look into the whole bunch of scenarios and provide relatively simple solutions for all of them. Sure, default to update as the fixes come, however, there needs to be a better management of patches and updates between the "as they come" and the "manually applied" strategies.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
chrisn-585491
chrisn-585491
SSCertifiable
SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)

Group: General Forum Members
Points: 5896 Visits: 2647
If it's any consolation, patching in other OSes (Linux, xBSD) is both better and worse at the same time. Package management, testing and dependencies can still be a bloody mess at times. There's also a huge spectrum in the quality of software depending on the type of applications.
djackson 22568
djackson 22568
Hall of Fame
Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)

Group: General Forum Members
Points: 3867 Visits: 1262
IMO Windows 8 is nothing more than Vista II. It is by far the worst OS I have seen them release. I know some people like it, but invariably those are people who for whatever reason are using a tablet.

Windows 8 sucks on a PC or laptop.

Case in point - I built a new PC from scratch. I followed Microsoft recommendations on using sysprep to move the users folder off the SSD that I spent significant money on. SSDs have a limited number of writes, and given how IE handles caching, and given that your OS drive is NOT typically large enough to store your data, it made sense.

That is, until MS released 8.1, which does NOT support upgrading any system that has been syspreped!

MS's response is that the Microsoft sysprep tool is not supported, even though it is a Microsoft product, pretty much all businesses use it, and there is no logical reason to not support it.

Thus began my current project of removing Windows from my life. Ubuntu, Mint, Fedora, RHEL, CentOS, all of these are far easier to install and manage. My then 6-year old can install software on Linux without worrying about infecting my network. Why would I want to overpay for an OS that is so bad the manufacturer doesn't support it under normal operating conditions.

Dave
Gary Varga
Gary Varga
SSC-Dedicated
SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)SSC-Dedicated (38K reputation)

Group: General Forum Members
Points: 38064 Visits: 6562
djackson 22568 (5/27/2014)
IMO Windows 8 is nothing more than Vista II. It is by far the worst OS I have seen them release. I know some people like it, but invariably those are people who for whatever reason are using a tablet.

Windows 8 sucks on a PC or laptop.

Case in point - I built a new PC from scratch. I followed Microsoft recommendations on using sysprep to move the users folder off the SSD that I spent significant money on. SSDs have a limited number of writes, and given how IE handles caching, and given that your OS drive is NOT typically large enough to store your data, it made sense.

That is, until MS released 8.1, which does NOT support upgrading any system that has been syspreped!

MS's response is that the Microsoft sysprep tool is not supported, even though it is a Microsoft product, pretty much all businesses use it, and there is no logical reason to not support it.

Thus began my current project of removing Windows from my life. Ubuntu, Mint, Fedora, RHEL, CentOS, all of these are far easier to install and manage. My then 6-year old can install software on Linux without worrying about infecting my network. Why would I want to overpay for an OS that is so bad the manufacturer doesn't support it under normal operating conditions.


I agree that your sysprep issue is unacceptable. This will become an issue time and time again.

I just wanted to say that from a OS as a client point of view that I like it. I am using it on a laptop (without touchscreen) for development and have found it to be the best Windows OS so far.

I may eventually move off Windows but not until the majority of my clients do.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
djackson 22568
djackson 22568
Hall of Fame
Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)Hall of Fame (3.9K reputation)

Group: General Forum Members
Points: 3867 Visits: 1262
Gary Varga (5/27/2014)
djackson 22568 (5/27/2014)
IMO Windows 8 is nothing more than Vista II. It is by far the worst OS I have seen them release. I know some people like it, but invariably those are people who for whatever reason are using a tablet.

Windows 8 sucks on a PC or laptop.

Case in point - I built a new PC from scratch. I followed Microsoft recommendations on using sysprep to move the users folder off the SSD that I spent significant money on. SSDs have a limited number of writes, and given how IE handles caching, and given that your OS drive is NOT typically large enough to store your data, it made sense.

That is, until MS released 8.1, which does NOT support upgrading any system that has been syspreped!

MS's response is that the Microsoft sysprep tool is not supported, even though it is a Microsoft product, pretty much all businesses use it, and there is no logical reason to not support it.

Thus began my current project of removing Windows from my life. Ubuntu, Mint, Fedora, RHEL, CentOS, all of these are far easier to install and manage. My then 6-year old can install software on Linux without worrying about infecting my network. Why would I want to overpay for an OS that is so bad the manufacturer doesn't support it under normal operating conditions.


I agree that your sysprep issue is unacceptable. This will become an issue time and time again.

I just wanted to say that from a OS as a client point of view that I like it. I am using it on a laptop (without touchscreen) for development and have found it to be the best Windows OS so far.

I may eventually move off Windows but not until the majority of my clients do.


I respect that you like it. I don't understand why, as the whole issue of removing the start button is just plain stupid if you don't have a touch screen. That said, each of us works differently, and if it works for you, that is a good thing. If I had a touch screen device with Windows, not that I can imagine ever wanting one given how much I love my iPads, I can see how the design might be better.

I still use it at home but only for apps that I can't replace yet in Linux.

One other thing I forgot to whine about, when I first built the machine it booted up in 5 seconds. Linux still boots that fast, but Windows now takes over 30 seconds. That has been an issue with Windows forever, every patch slows down the system even on an SSD.

Sigh.

Dave
John Hanrahan
John Hanrahan
SSCommitted
SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)

Group: General Forum Members
Points: 1653 Visits: 1483
I use Win 8 and Win 7 at home and Win 8 at work. I don't have touch screens except on the Surface Pro I use. Win 8 is ok and I am as productive as on Win 7. The Sysprep issue is unfortunate, too bad M$ doesn't get it.
phegedusich
phegedusich
SSC-Addicted
SSC-Addicted (406 reputation)SSC-Addicted (406 reputation)SSC-Addicted (406 reputation)SSC-Addicted (406 reputation)SSC-Addicted (406 reputation)SSC-Addicted (406 reputation)SSC-Addicted (406 reputation)SSC-Addicted (406 reputation)

Group: General Forum Members
Points: 406 Visits: 531
We have SCCM control patch/update management. They are all (or should be) applied in the test and cert domains before release to production. Doing otherwise is a recipe for disaster.
dbaalek
dbaalek
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 2
Ultimately the balancing act and plate spinning magic that has to occur deep inside the labs in OS development companies should humble us so we may see more of this elusive science and better learn from the masters (in their realm) of our race.

It's up to us.

Most admins need very specific testing platforms that mimic target systems as near as possible in order to propagate ANY change to their production secured environments. To expect perfect updates assumes the update provider will test our specific configuration. The exposure or sharing of this most intimate internal systems architecture is more and more becoming a serious risk regarding many aspects requiring tight information security.

So therein the push for better internal testing and change management processes. It's we that need to improve our own acquisition, assimilation and integration methodologies to mitigate the inherent issues in the updating and patching of core systems.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum







































































































































































SQLServerCentral


Search