We’ve begun using Windows 2012R2 servers and i’ve found a curious thing. I’ve installed a fresh Windows 2012 R2 server on 14 may 2014, made an snapshot checkpoint and ran Windows update. As expected there were several updates available;

Important Updates;

And optional;

I selected them all (except Silverlight as i think that shouldn’t be on a server anyway), installed it and press reboot.;

So nothing new here, all of us do this regularly i suppose. But after pressing reboot, it took a long time for the system to go down and normally a reboot takes just a few minutes so i checked again and found;

huh?!

After rebooting a few times (i assume rolling back the updates) i logged back in and saw all kinds of failed updates.

I also found a event 6008 (unexpected reboot), so i figured something went wrong. So i reverted to the previous checkpoint and tried it again, but with the same result. I tried it at a different site in another datacenter and the same happened, although without the 6008 event (i recorded a video aswell, but that takes time to post). I have reproduced the symptoms on 3 different VM’s. The hosts are Dell PowerEdges, the hypervisor is Hyper-v Datacenter 2012 R2 so nothing weird here.

I suppose those updates are superseded by new updates or revoked or something? After updating 2 times more, i got the Windows 2012R2 update1, and after that some more updates and then finally no more updates available, so i suppose everything is in order.

But i can’t help thinking this is weird, i would expect;
– No failed installs. Why offer updates that will fail on install? The system has to download them, reboot, finish install them, failing the install, uninstall/rollback them. In the first case this even resulted in a system crash, and mayby a risk of damaged system files? I think is a serious issue with quality control at Microsoft. I think this is still an issue with the updates after the release date of Windows 2012. Read about that story here, here, here and another example here (you can see what feeds i read.. :mrgreen: ). I would have thought MS had enough time to fix this as my faith in updates declines more and more.
– I’ve looked at a few of those updates and a few of them are rollup packs. But why download more than 1 rollup? The latest rollup should contain the last!
– I understand updating Windows systems can be complex and i expect a lot of people with more brains than me have though about this. But please give me a way to update a newly installed system without taking 4 hours of my time by pressing update/reboot. I know there are ways to automate this with System Center and auto install updates, but this takes time as updates are mostly installed during a maintenance window and if it takes me 4 install/reboots/checks, it takes 4 maintenance windows (so in most cases a few days) to update a newly installed system before i can configure the system. And do we really need 4 cycles? Shouldn’t it be the latest rollup and the post-rollup patches?
– Most of the time i want to run all the updates, but i find myself pressing for time and configuring auto update to update during the maintenance window, i.e. configuring the system before it gets all the updates. But with 2012/2012R2 this has caused me more wasted time because of all the bugs that aren’t fixed yet with the windows updates. Try to install WSUS on a not patched Windows 2012 server and find out you have to reinstall because of missing rights on the temp folder.
– MS wants us to have all systems up to date, don’t they? A 120 days support cycle is prove of that. So why make the update process so time consuming? If i let the system update itself during the maintenance window, it takes 4 days before the system is up to date, leaving bad guys 4 days to get exploit vulnerabilities!

And i can help thinking this can all be avoided by a proper quality control, so MS: Get your act in order!! 👿

 

Update 8 nov 2016: I think this is the core problem. There is probably one of the initial updates that solves this..

Categories: Windows Server

11 Comments

  1. K-Dee

    I have seen this as well over the past month or so on new 2012R2 Hyper-V servers that were stood up using the Server2012R2 with SP1 ISO. It just keeps failing and rolling back and rebooting…..

    I was able to get around it the first time by installing all critical security updates first, and then installing all optional/recommended updates after that.

    Ran into it again tonight and I am going to try to install KB2919355…(it appears at the bottom of the list and has security updates and the non-security updates that were released before March 2014)…..and then install everything else and see if that works.

    I will update this thread if it works.

    1. Dennis Pennings

      Did you find an specific update?
      Did you check if the link below solved your issue?
      https://www.frankysweb.de/windows-update-hngt-bei-67-prozent-nderungen-werden-rckgngig-gemacht/

  2. Trevi Umbria

    In a fresh install of Windows Server 2012 R2, windows update download only 24 updates.
    After restart, no windows update error, but no new update.
    I manually installed KB2919355 from https://www.microsoft.com/en-US/download/details.aspx?id=42334.

    Install Instructions
    These KB’s must be installed in the following order: clearcompressionflag.exe, KB2919355, KB2932046, KB2959977, KB2937592, KB2938439, and KB2934018.

    KB2919442 is a prerequisite for Windows Server 2012 R2 Update and should be installed before attempting to install KB2919355 (from https://www.microsoft.com/en-US/download/details.aspx?id=42153)

    After few restarts, windows update finds 256 updates!!

    Thanks for solution

    1. Dennis Pennings

      Hi Trevi, thank you for sharing! Let’s hope the new rollup updates fix this issue, so that we only need 1 rollup after installing a WS12R2 server. On WS16 i did not experience any of these problems, but i’m guessing it doesn’t have 200+ updates yet.. 😉

    2. Michael

      We had the same issue on our 2012 R2 servers. Most would install ALL patches from our WSUS server however some wouldn’t install the KB2919442 and KB2919355 pre-requisites. Get the same results even if i check in with Microsoft Update (instead of WSUS)

      I haven’t found any pattern yet

      All VMs
      Varying Networks
      Varying VM Hosts
      Some cloned servers worked – other did not
      Some servers attached to WSUS via load balancer and others direct
      Some servers in the same WSUS “computer groups” will work and others won’t

  3. Dennis Pennings

    I hope the new rollup strategy (active from october) will resolve some of these issues, although i’m finding it very hard to find documentation for the new patch strategy.

  4. Hi Dennis,

    I too am having issues with updates on a fresh install of Server 2012 R2 running in a Hyper-V instance.

    The install went swimmingly, yet when I check windows update it says I have 200 updates.

    So I click install and lo and behold the installation fails and then doesn’t roll back.

    So now I am left scratching my head as to what to do.

    I tried adjusting the “BlockTimeIncrement” value as your update suggested but I am prevented from doing so inside of the registry editor for reasons that remain unclear.

    This is only a 180 day trial copy and at this rate it will take that long to get the damn thing patched.

    >:-(

    1. Dennis Pennings

      Hi Alex, Did you try the solution from Trevi?

  5. Charlie Mac

    solution posted by Trevi worked for me,

    I applied this to 2 servers, one I restarted when prompted after each update and the other I installed them all then rebooted, the net result on both was the same, after reboot I ran wuauclt /reportnow /detectnow both servers found 88 updates to start, possibly more after this lot has installed, hope this helps

    Charlie

  6. Jean-Claude

    Thanks a lot, Trevi

    That saved my day, I was really wondering why I was unable to build a new 2012 R2 from scratch.

    HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ TrustedInstaller
    blocktimeincrement to 10800 was the answer to my question.

    Btw, Microsoft have to really find an answer to this bug 🙂

    Merry Christmas

    jean-claude

  7. Michael Keating

    Thank you for posting this! I spend three days trying to figure this out and Trevi Umbria’s solution worked perfectly. What a mess that Microsoft would tell you it is completely updated when it is in fact missing 200+ updates.

    Michael

Leave a Reply

Your email address will not be published. Required fields are marked *