We use Server Automation for patching our environment for both clustered and non-clustered servers. I recently removed KB4088878 our “March patch baseline” because it was causing our Server 2008 R2 VM to lose their NIC settings. However, when the Server Automation plan ran, the update was still installed.
We create our SA plans a few hours before they need to run, and the update was removed before the plan was active. Our non-clustered SA plan generally follows these steps:
- Run at ##:## time for Computer Group X
- Dynamically run baselines from site Windows Patching
- Restart Endpoint and Wait for Restart to Complete
So, it looks like if a Server Automation plan is waiting to execute, it will install any relevant fixlets that were in a baseline at the time the SA plan was created. Is that correct? I believe I’ve seen this behavior before when baseline components have a source that differs. If I click on sync all components, and the SA plan has already been created (but is not running at the time) it still tries to install the fixlet with the “old” source. If this behavior is correct, is there any workaround besides having to recreate any waiting SA plans?