The server installed post-patch components even though it did not have Pending Restart status at sight

Dear Gurus,

I have a situation where a Windows server was patched and successfully restarted. No one noticed whether there was still a Pending Restart status visible from BigFix. Then, during a preventive restart hours later, the server started to finish a previous patch install process in the style of “Working on updates. 13% complete. Don’t turn off your computer”. Everything points to not enough restarts having been applied.

I created a .BAT script to check the Registry keys for any pending restart floating around - based on KB0022463 information - to double-check whether a restart is still needed.

Do you know of a better approach to prevent this kind of behavior?

Thank you very much in advance.

  • Andrés.

I would be curious whether your batch finds anything different after the initial reboot, when things were thought to be clean. And when it does notice something, does the BigFix relevance “Pending Restart” report true as well?

I have noticed for a long time that Windows and its servicing process are very asynchronous to when patches say they are installed. I can watch a server over the following few hours report ‘pending reboot’ and not, a few times, as it does things.

1 Like

I can’t prove it now and it’s not something that happens often… but I have seen situations where a Windows device needs two reboots.

My best guess is that it’s just some weird combination of when the device patched last, what has been updated in between patching events, and what was going out this patching event… etc.

Years back we added an extra fixlet (relevance = pending restart) that simply reboots servers if a pending reboot has been detected by the BigFix client. We combine that with some PendingFileRenameOperations filters to reduce the number of reboots. But our devices now reboot IF it’s needed during maintenance. Related, I am about to discuss with my management whether we want to consider ignoring all PendingFileRenameOperations for a month and see if it reduces reboots while also maintaining our patch success level. We’re seeing SO many PendingFileRenameOperations items these days with self-updating apps, it’s pretty crazy.

1 Like

Thank you gentlemen for the insights.
Last night we had a new similar event. All patches were applied with no error messages, and the system owner restarted the server at least twice afterward. The batch script showed “No Restart Needed”. Today the batch script shows “Restart Needed”.
According to the support team, it would be revealing to cross-check the Windows Update events with the client’s log during the timeframe of the reboot when the odd behavior took place.
I hope to have news soon to share.
Thank you very much again.
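
An added example, not part of any post above and not the batch script from the thread: a PowerShell check that reports which pending-restart indicator fired, with a timestamp so repeated runs can be lined up against the Windows Update events and the BigFix client log. The registry locations are the commonly used Windows indicators, not a list taken from KB0022463, and `Get-PendingRestartReason` and `$IgnorePatterns` are hypothetical names and values.

```powershell
# Added example: report WHY a restart looks pending, not only yes/no.
# $IgnorePatterns is a hypothetical filter list (regexes); tune it to your estate.
function Get-PendingRestartReason {
    param(
        [string[]]$IgnorePatterns = @('\\Temp\\', '\\AppData\\Local\\')
    )
    $reasons = @()

    # Component Based Servicing: key is present only while servicing needs a reboot
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    if (Test-Path $cbs) { $reasons += 'CBS RebootPending' }

    # Windows Update agent: key is present while an installed update awaits a reboot
    $wua = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    if (Test-Path $wua) { $reasons += 'WindowsUpdate RebootRequired' }

    # Session Manager: REG_MULTI_SZ of source/destination strings.
    # An empty destination means "delete at boot"; a leading "!" means overwrite.
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($sm) {
        # Drop empty strings, then strip the "!" and "\??\" prefixes to get plain paths
        $paths = @($sm.PendingFileRenameOperations |
            Where-Object { $_ } |
            ForEach-Object { $_ -replace '^!?\\\?\?\\', '' })

        # Keep only paths that match none of the ignore patterns
        $kept = @($paths | Where-Object {
            $p = $_
            -not ($IgnorePatterns | Where-Object { $p -match $_ })
        })
        if ($kept.Count -gt 0) {
            $reasons += "PendingFileRenameOperations ($($kept.Count) entries after filtering)"
        }
    }
    return $reasons
}

# One timestamped line per run; schedule it before and after each reboot
$r = Get-PendingRestartReason
$state = if ($r) { 'Restart Needed: ' + ($r -join '; ') } else { 'No Restart Needed' }
'{0:u} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $state
```

Appending that line to a file on each run gives a timeline showing when an indicator appeared after a reboot that had looked clean.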