Comments on: I need a confidence patch http://www.vladville.com/2006/09/i-need-a-confidence-patch.html Vlad Mazek on IT, Business and Technology Wed, 01 Feb 2012 22:49:32 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Bob http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-14218 Bob Sat, 28 Oct 2006 00:13:08 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-14218 When I install server updates remotely, I always, always use tsshutdn to reboot the server. I haven't had a problem since I started doing that. When I install server updates remotely, I always, always use tsshutdn to reboot the server. I haven’t had a problem since I started doing that.

]]> By: Nick http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-7785 Nick Tue, 19 Sep 2006 14:14:36 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-7785 I think remote access cards (ILO, DRAC, etc.) are great - maybe even a necessity today. But that doesn't really address the root of the problem. We've developed an internal Patch KB for building out intelligence around new patches. All of our netadmins have their own individual profiles which they've used to virtually build-out the servers they support, and then they receive customized reports for their supported configurations. Reports include risk-assessments on individual patches, with risk status varying based on their server profiles. I have a post linked below which describes it in more detail. It's worked for us - especially in terms of knowledge sharing. While it doesn't address the root cause, it helps reduce pain-points for our customers. http://addicted-to-it.blogspot.com/2006/09/patching-risk-evaluation-of-patching.html I think remote access cards (ILO, DRAC, etc.) are great – maybe even a necessity today. But that doesn’t really address the root of the problem. We’ve developed an internal Patch KB for building out intelligence around new patches. All of our netadmins have their own individual profiles which they’ve used to virtually build-out the servers they support, and then they receive customized reports for their supported configurations. Reports include risk-assessments on individual patches, with risk status varying based on their server profiles.

I have a post linked below which describes it in more detail. It’s worked for us – especially in terms of knowledge sharing. While it doesn’t address the root cause, it helps reduce pain-points for our customers.

http://addicted-to-it.blogspot.com/2006/09/patching-risk-evaluation-of-patching.html

]]> By: indy http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-7482 indy Sun, 17 Sep 2006 05:27:20 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-7482 http://support.microsoft.com/kb/925308/ Corruption possible, and Microsoft wants you to wait it out. Whoops. http://support.microsoft.com/kb/925308/

Corruption possible, and Microsoft wants you to wait it out.

Whoops.

]]> By: E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : The Reboot problem http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-7172 E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : The Reboot problem Fri, 15 Sep 2006 19:25:32 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-7172 [...] We've been chatting about an issue that we've been seeing (and posts like Vlad's alude to) that rebooting sometimes doesn't ...or other patch issues that may be an issue to your remote clients.  We're seeing that the reboot mechanism in Microsoft update... well.. it just isn't... and when the server doesn't come back, you have to madly attempt to get back into a workstation to send it a remote reboot command.Remote into an internal workstation, and issue "shutdown -r -t 0 -m \server\servername-r = reboot-t 0 = timeout of zero-m = name of remote machine you want to reboot (in this case the server)Some are recommending ILO cards to be able to get on that box no matter what.But I think all these workaround and hacks we are doing to get into the box after Patch Tuesday doesn't points to an underlying issue with MU's reboot mechanism that isn't getting looked into.What about you?  You seeing this issue on Servers and Workstations? Filed under: Patching issues [...] [...] We've been chatting about an issue that we've been seeing (and posts like Vlad's alude to) that rebooting sometimes doesn't …or other patch issues that may be an issue to your remote clients.  We're seeing that the reboot mechanism in Microsoft update… well.. it just isn't… and when the server doesn't come back, you have to madly attempt to get back into a workstation to send it a remote reboot command.Remote into an internal workstation, and issue "shutdown -r -t 0 -m \server\servername-r = reboot-t 0 = timeout of zero-m = name of remote machine you want to reboot (in this case the server)Some are recommending ILO cards to be able to get on that box no matter what.But I think all these workaround and hacks we are doing to get into the box after Patch Tuesday doesn't points to an underlying issue with MU's reboot mechanism that isn't getting looked into.What about you?  You seeing this issue on Servers and Workstations? Filed under: Patching issues [...]

]]> By: Andy http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-7086 Andy Fri, 15 Sep 2006 10:13:19 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-7086 I know what you mean - I've had several servers for different customers take over 45 minutes to reboot after updating patches the past couple of months. A lotof the time I've had to use shutdown.exe to force a reboot after the reboots from the update program didn't finish the shutdown process completely (but enough to stop services like exchange,iis, rdp etc). I really can't see how people can publish 99.99% uptime sla's unless they don't patch at all (and just rely on servers being behind a firewall and in the case of web servers being the ONLY machine on that network so nothing else can hit it from behind the firewall) I know what you mean – I’ve had several servers for different customers take over 45 minutes to reboot after updating patches the past couple of months. A lotof the time I’ve had to use shutdown.exe to force a reboot after the reboots from the update program didn’t finish the shutdown process completely (but enough to stop services like exchange,iis, rdp etc).
I really can’t see how people can publish 99.99% uptime sla’s unless they don’t patch at all (and just rely on servers being behind a firewall and in the case of web servers being the ONLY machine on that network so nothing else can hit it from behind the firewall)

]]> By: richwalkup http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-7012 richwalkup Fri, 15 Sep 2006 01:55:40 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-7012 @WorkingHard I meant no disrespect either - and when I said get down from the SBS pedestal, I meant this community in general. It's easy for us technical people to dismiss these issues as commonplace, but it's also wrong. Unlike many others, I still don't think Linux is a viable solution for most businesses and when the largest software development company in the world starts down this road as a matter of general practice, we're all in trouble. And my general point was that we as technical people can fix these issues but Microsoft's target audience (SMB) is the one who really gets the shaft. We endure headaches and sleepless nights to keep our customers happy but the ones who can't run their business effectively for days and weeks on end are the ones that pay dearly. To that end, I think it is highly unethical for MS to release these patches the way they do. People who try to do the right thing and stay patched against malicious code are subjected to inadvertent malicious code brought to them by the makers of their OS on a consistent basis. @WorkingHard

I meant no disrespect either – and when I said get down from the SBS pedestal, I meant this community in general. It’s easy for us technical people to dismiss these issues as commonplace, but it’s also wrong. Unlike many others, I still don’t think Linux is a viable solution for most businesses and when the largest software development company in the world starts down this road as a matter of general practice, we’re all in trouble. And my general point was that we as technical people can fix these issues but Microsoft’s target audience (SMB) is the one who really gets the shaft. We endure headaches and sleepless nights to keep our customers happy but the ones who can’t run their business effectively for days and weeks on end are the ones that pay dearly. To that end, I think it is highly unethical for MS to release these patches the way they do. People who try to do the right thing and stay patched against malicious code are subjected to inadvertent malicious code brought to them by the makers of their OS on a consistent basis.

]]> By: Scott http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-6999 Scott Fri, 15 Sep 2006 00:01:36 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-6999 I've turned off all automatic updates. Choose detect only and I will approve the updates a week after Patch Tuesday. My test lab is our own production SBS R2 box and the rest of the community. I’ve seen two similar boxes, one patches and the other craps, so doing a test of one or two test boxes isn’t enough, IMHO. The world is my lab, I am sure I will hear about it. Last two months I’ve had issues, I hear about it hours after I encounter the patch issue. Next time I will wait. Scott I’ve turned off all automatic updates.
Choose detect only and I will approve the updates a week after Patch Tuesday.
My test lab is our own production SBS R2 box and the rest of the community. I’ve seen two similar boxes, one patches and the other craps, so doing a test of one or two test boxes isn’t enough, IMHO. The world is my lab, I am sure I will hear about it. Last two months I’ve had issues, I hear about it hours after I encounter the patch issue. Next time I will wait.
Scott

]]> By: Jack Francis http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-6994 Jack Francis Thu, 14 Sep 2006 23:01:13 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-6994 I agree, Microsoft SUCKS when it comes quality updates. The one I could not believe was 898060 (MS05-019) when they broke the IP stack with a post SP4 Win2k security update and Win2k3 SP1. If you were running Outlook 2k and connecting to an Exchange server with this patch installed over a VPN connection, presto no more connectivity. When I worked at Microsoft I saw this fix so many wierd networking issues that it was the first thing I looked for, for a long while. I lost all faith in Microsoft updates after that. The problem with this update was that some how some old NT 4 source code wound up in the patch. When it comes to updates there is no QA, they must have out sourced that to India as well. I am starting to think that Linux may wind up being the answer long term. As far as I know they never re-released SP1 with a corrected version of TCPIP.sys and the company I work for now may have this problem all over the place, they are terrified to patch so we don't unless we rebuild a box. So sad.. I agree, Microsoft SUCKS when it comes quality updates. The one I could not believe was 898060 (MS05-019) when they broke the IP stack with a post SP4 Win2k security update and Win2k3 SP1. If you were running Outlook 2k and connecting to an Exchange server with this patch installed over a VPN connection, presto no more connectivity. When I worked at Microsoft I saw this fix so many wierd networking issues that it was the first thing I looked for, for a long while. I lost all faith in Microsoft updates after that. The problem with this update was that some how some old NT 4 source code wound up in the patch. When it comes to updates there is no QA, they must have out sourced that to India as well. I am starting to think that Linux may wind up being the answer long term. As far as I know they never re-released SP1 with a corrected version of TCPIP.sys and the company I work for now may have this problem all over the place, they are terrified to patch so we don’t unless we rebuild a box.

So sad..

]]> By: WorkingHard http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-6991 WorkingHard Thu, 14 Sep 2006 22:45:14 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-6991 Hello richwalkup, No disrespect was ever intended. Vlad's point is indeed valid. I'm not dismissing it, I'm not saying it should not improve or that is can't improve. It should improve. But it is a fact of any profession that you will allways have issues, concerns an problems that are sometimes maddening enough to bang your head against the wall and perhaps 5 years from now they will be quite different from the ones we're having now. That's not the same like saying "it's just like that". I do know that that does not help to bang my head against the wall (unless for some reason I want a headache) so I try to do the best I can knowing I will always have shit to deal with just like a trauma surgeon knows that no matter what he will allways have casulaties in his ward that could have been prevented. He makes good money from being a surgeon. Thats's not unethical, he does not cause the casualties. I don't think any software firm wants to produce shitty software, they all often do. Do they feel proud or hapy with that? I think they want to vaoid it but probably often fail in the process just as much as I often fail at things I really wanted to get done better than I did. What keeps me going is the small and big succes I have. SBS 2003 on a pedestall? :-) I'm balancing between running 100 server environments, SAN Storage, Tape libs (huge and small ones), SQL Server, Exchange, GPS networks, codingn, coaching a team ... and I still help my helpdesk people out with "silly issues" or fix 2 server big "infrastructures". So please do not take this as an attempt to minimalize Vlads valid concerns or a SBS 2003 is "untouchable" rant. We all feel his frustration at given times. All I'm saying basically that frustration is all over the place in the IT world. As far as partnerships go. I put trust in persons I meet, work and fight fires with. People in suits who want to be my "strategic partners" ... uhm no I don't trust them for one second, no matter what company they are from. Once they have your money that's it. Suddenly your an anoying customer ... not a partner ... the "service oriented business" model is not a great as it is often portrayed or implemented. Cheers Hello richwalkup,
No disrespect was ever intended. Vlad’s point is indeed valid. I’m not dismissing it, I’m not saying it should not improve or that is can’t improve. It should improve. But it is a fact of any profession that you will allways have issues, concerns an problems that are sometimes maddening enough to bang your head against the wall and perhaps 5 years from now they will be quite different from the ones we’re having now. That’s not the same like saying “it’s just like that”. I do know that that does not help to bang my head against the wall (unless for some reason I want a headache) so I try to do the best I can knowing I will always have shit to deal with just like a trauma surgeon knows that no matter what he will allways have casulaties in his ward that could have been prevented. He makes good money from being a surgeon. Thats’s not unethical, he does not cause the casualties. I don’t think any software firm wants to produce shitty software, they all often do. Do they feel proud or hapy with that? I think they want to vaoid it but probably often fail in the process just as much as I often fail at things I really wanted to get done better than I did. What keeps me going is the small and big succes I have. SBS 2003 on a pedestall? :-) I’m balancing between running 100 server environments, SAN Storage, Tape libs (huge and small ones), SQL Server, Exchange, GPS networks, codingn, coaching a team … and I still help my helpdesk people out with “silly issues” or fix 2 server big “infrastructures”. So please do not take this as an attempt to minimalize Vlads valid concerns or a SBS 2003 is “untouchable” rant. We all feel his frustration at given times. All I’m saying basically that frustration is all over the place in the IT world. As far as partnerships go. I put trust in persons I meet, work and fight fires with. People in suits who want to be my “strategic partners” … uhm no I don’t trust them for one second, no matter what company they are from. Once they have your money that’s it. Suddenly your an anoying customer … not a partner … the “service oriented business” model is not a great as it is often portrayed or implemented.

Cheers

]]> By: indy http://www.vladville.com/2006/09/i-need-a-confidence-patch.html/comment-page-1#comment-6989 indy Thu, 14 Sep 2006 22:37:38 +0000 http://www.vladville.com/2006/09/i-need-a-confidence-patch.html#comment-6989 Adam I'm not talking about patching solutions, I'm talking about applications and compatibility. Microsoft tests these patches heavily. They are more likely to test their own products well before a 3rd parties. You are just that much less likely to encounter difficulties when you stay the MS way. Adam

I’m not talking about patching solutions, I’m talking about applications and compatibility. Microsoft tests these patches heavily. They are more likely to test their own products well before a 3rd parties. You are just that much less likely to encounter difficulties when you stay the MS way.

]]>