We’ve begun using Windows 2012R2 servers and i’ve found a curious thing. I’ve installed a fresh Windows 2012 R2 server on 14 may 2014, made an
snapshot checkpoint and ran Windows update. As expected there were several updates available;
I selected them all (except Silverlight as i think that shouldn’t be on a server anyway), installed it and press reboot.;
So nothing new here, all of us do this regularly i suppose. But after pressing reboot, it took a long time for the system to go down and normally a reboot takes just a few minutes so i checked again and found;
After rebooting a few times (i assume rolling back the updates) i logged back in and saw all kinds of failed updates.
I also found a event 6008 (unexpected reboot), so i figured something went wrong. So i reverted to the previous checkpoint and tried it again, but with the same result. I tried it at a different site in another datacenter and the same happened, although without the 6008 event (i recorded a video aswell, but that takes time to post). I have reproduced the symptoms on 3 different VM’s. The hosts are Dell PowerEdges, the hypervisor is Hyper-v Datacenter 2012 R2 so nothing weird here.
I suppose those updates are superseded by new updates or revoked or something? After updating 2 times more, i got the Windows 2012R2 update1, and after that some more updates and then finally no more updates available, so i suppose everything is in order.
But i can’t help thinking this is weird, i would expect;
– No failed installs. Why offer updates that will fail on install? The system has to download them, reboot, finish install them, failing the install, uninstall/rollback them. In the first case this even resulted in a system crash, and mayby a risk of damaged system files? I think is a serious issue with quality control at Microsoft. I think this is still an issue with the updates after the release date of Windows 2012. Read about that story here, here, here and another example here (you can see what feeds i read.. ). I would have thought MS had enough time to fix this as my faith in updates declines more and more.
– I’ve looked at a few of those updates and a few of them are rollup packs. But why download more than 1 rollup? The latest rollup should contain the last!
– I understand updating Windows systems can be complex and i expect a lot of people with more brains than me have though about this. But please give me a way to update a newly installed system without taking 4 hours of my time by pressing update/reboot. I know there are ways to automate this with System Center and auto install updates, but this takes time as updates are mostly installed during a maintenance window and if it takes me 4 install/reboots/checks, it takes 4 maintenance windows (so in most cases a few days) to update a newly installed system before i can configure the system. And do we really need 4 cycles? Shouldn’t it be the latest rollup and the post-rollup patches?
– Most of the time i want to run all the updates, but i find myself pressing for time and configuring auto update to update during the maintenance window, i.e. configuring the system before it gets all the updates. But with 2012/2012R2 this has caused me more wasted time because of all the bugs that aren’t fixed yet with the windows updates. Try to install WSUS on a not patched Windows 2012 server and find out you have to reinstall because of missing rights on the temp folder.
– MS wants us to have all systems up to date, don’t they? A 120 days support cycle is prove of that. So why make the update process so time consuming? If i let the system update itself during the maintenance window, it takes 4 days before the system is up to date, leaving bad guys 4 days to get exploit vulnerabilities!
And i can help thinking this can all be avoided by a proper quality control, so MS: Get your act in order!! 👿
Update 8 nov 2016: I think this is the core problem. There is probably one of the initial updates that solves this..