Service outage with /quiet /norestart?

Hi All,

I create patching baselines for our Windows server fleet (2003~2012) containing all the relevant Critical and Important updates. Due to very tight outage windows, recently we have been pushing out our patching baselines a few hours before our outage starts. We’ve found this greatly accelerates our patching process with around 90~95% of our servers patched and awaiting reboot when our outage window starts.

Every single Critical or Important patch fixlet I have ever seen from the “Patches for Windows” site has stipulated the “/quiet” & “/norestart” switches, and from our testing through the dev/test environments we’ve never seen a server reboot itself as a result of having applied our patching baselines. One of the senior admins where I work however has told me he has seen services on a server restart as a result of installing some patches, regardless of the installation switches used. I’ve not seen this and just wondering if anyone else had?

What is the expectation from the “/norestart” ?

That is supposed to mean don’t restart the system, but a component may restart due to a patch etc.

Thanks Alan,

I guess I was taking it to mean no outage rather than just a no system outage. Given that we are deploying close to our window anyway and we have not seen an outage notification as a result then I gather we have either just gotten lucky or any outage has not been of sufficient length/severity to trigger an alert.

Bigger picture though is there appears to be no way to easily identify which patches will result in some form of service outage. It would be really good if this was identified the same as known issues or patch succession is. Totally not a bigfix issue, however I don’t think I am alone from a sysadmin side getting continual pressure to reduce outage windows and window length. Using this method of deployment saves us at least an hour, which in a 3 hour window is a pretty big win.

I’ve seen similar behavior, especially with .NET Framework updates taking down custom ASP.NET applications or JRE upgrades taking down Tomcat services.

If you are using clustered servers you might look into BigFix Server Automation (available in the BigFix Lifecycle license). That gives you workflows for moving the cluster services among nodes as you patch the offline member.

1 Like