How does everyone treat restarts during baselines?
I just can’t seem to get it right and I’ve tried multiple methods. It always just stays in Pending Restart state.
My current baseline setup is:
Restart Needed (pending restart)
Install Servicing Stack
Force Restart (restart 30)
Install Monthly Rollups - Windows, IE, .NET, etc…
Force Restart (restart 30)
I do not use the Post-Action restart for the Baseline.
I have tried Reapply this action, and both “whenever it becomes relevant again” and “while relevant, waiting 15 minutes between applications”.
This reapply never runs, even though the current state is “Pending Restart”.
What am I missing?
Here’s the current state of the action.
Waiting for restart to complete action.
This action has been applied 1 time.
This action has been retried 1 time.
Status Pending Restart
Pending Restart Restart Needed
Completed MS20-JUL: Servicing Stack Update for Windows Server 2019 - Windows Server 2019 - KB4558997 (x64)
Completed Force restart (30 seconds)
Pending Restart MS20-JUL: Cumulative Update for Windows Server 2019 - Windows Server 2019 - KB4558998 (x64)
Pending Restart MS20-MAY: Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 - Windows Server 2019 - .NET Framework 3.5/4.7.2 - KB4552924 (x64)
Not Relevant MS20-MAY: Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 - Windows Server 2019 - .NET Framework 3.5/4.8 - KB4552930(x64)
Pending Restart MS20-JUL: Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 - Windows Server 2019 - .NET Framework 3.5/4.7.2 - KB4565625 (x64)
Not Relevant MS20-JUL: Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 - Windows Server 2019 - .NET Framework 3.5/4.8 - KB4565632 (x64)
Pending Restart MS20-JUN: Security Update for Adobe Flash Player for Windows Server 2019 - Windows Server 2019 - Adobe Flash Player - KB4561600 (x64)
Completed Force restart (30 seconds)
Wait a minute. You may be in dangerous territory here and possibly putting your devices into a needless reboot cycle. You mentioned patching… have you tried the auto-patch policy in webUI?
How so? Where would a reboot cycle occur with that setup?
Haven’t experienced it, and it’s not rebooting at the end anyhow
No, haven’t looked at the webui. In the past I found that quite limited and having to switch between webui/console for management is annoying so we will just use a single method.
I agree on WebUI being limited and generally a clunky interface vs. the BES Console but there are a couple of features that only exist there such as auto-patch policies. Those actions and the history of them will still show up in the console though.
That said… Because the baseline relevance is set to “true”, won’t anything targeted run it? If that is the case and there is a reboot task embedded in it, then the target device will reboot. Depending upon how the reboot task relevance is coded though, it may not come back successfully before the next run since retry is set to 15 minutes. This condition may be why your systems always show “pending Restart”.
Perhaps lengthen the retry time to something longer than it takes the baseline to run?
Baseline relevance = true, but the target is a specific group when I take action.
The target group will only apply if it requires any of the MS fixlets. The Restart Needed task is not checked for baseline relevancy.
Rebooting is good. I want it to happen when needed.
I set the expiration of the action to 2 hours, and it completed the patching within 30-40 mins, so it should have had 1.5 hours to report and reapply.
The relevance for the Restart Needed task is out of the box ‘pending restart’
Keep in mind, as well, that the Restart Pending status can be reported due to Windows registry entries that indicate Windows is waiting for a restart to finish other unrelated actions. To tell if Windows wants a restart for something unrelated to BigFix, here’s the best place I could find for where those registry keys are mentioned: Pending Restart Issue. There used to be support articles explaining all of this, but all my bookmarks to those were to the old IBM support site and they stopped working months ago when all of that was moved to the new site.
A request was submitted years ago for additional functionality to allow us to set actions to keep rebooting until Pending Restart is no longer the status. I want to say the official response was that such functionality was being looked at since it had been requested a lot. I don’t know what ever became of that idea, though.
I’m pretty sure you can make it keep rebooting, but there’s a risk that some badly written applications (looking at you, HP Print Monitor) keep rewriting the pending restart keys and you end up in a reboot loop.
You can whitelist particular entries so they don’t trigger the pending restart logic.
To get multiple reboots, add the “Reboot Needed” task to your baseline and check the box to include it in the Baseline Relevance. Be careful about “reapply whenever it becomes relevant again” though.
Good point. I’ve seen a number of situations here where a VM gets stuck in that Pending Restart state and when I dig into it, I find it’s because it’s unable to finish updating VMTools for some reason. So, I have to manually uninstall it and reinstall to fix that.
Hi Jason.
Just curious. Why would that checkbox make it reboot if it doesn’t reboot when it’s unchecked?
Doesn’t the action still take place if it’s relevant regardless of checking that box?
My understanding was that it just changes which machines is relevant for the baseline itself?
ie: I only want the baseline relevant where the latest Windows monthly rollup is needed. I don’t want the baseline relevant if every other machine needs a restart for some reason.
Also, why be careful about “reapply whenever it becomes relevant again”?
If I do a manual reboot, or a 2nd force restart (custom) it clears the status. So why would it need two reboots at the end?
The “Include in baseline relevance’” checkbox will.make the baseline relevant even if the only thing needed is the “pending restart”.
After the baseline finishes (doing multiple reboots if necessary), if a user logs on a few days later and so much as loads a print driver that flags one of the PendingFileRenameOperations keys, the machine can go back into ‘Pending Restart’ - which can trigger the baseline to run again and reboot the system.
That could be repeated multiple times if ‘Reapply whenever it becomes relevant again’ is set on the baseline action.
What exactly does the “Restart Needed (pending restart)” and “Force Restart (restart 30)” components do to reboot the server?
If you are setting the post-action configuration for these components, then it won’t work because the behavior set at the baseline level overwrites whatever you set in the Fixlet’s behavior.
In my case, I don’t have any post-action in the component that reboots my server.
I have as action script the following:
restart 60
Relevance:
pending restart
I had to set the following setting as I was having cases were the BigFix process was waiting for user’s input:
The “Pending Restart - Windows” analysis from user Strawgate’s C3 content on BigFix.me is a great help to find all the reasons that reboots may be pending and strings you may need to add.
Thanks guys. @fermt - I don’t use post-action restarts for baselines. My restart fixlets are the same as yours.
I don’t have a problem restarting in the middle of baselines. That works fine. It’s just the one at the end that isn’t removing the “pending restart” state.
@JonL, @sludyk, @IanDM
If I restart the server manually, it clears the state so I don’t think having those filters is going make a difference.
I guess I just need to perform a separate action at a later time than the baseline to cater for pending restart which will work.
It’s silly this doesn’t work within a baseline though.
