[German]Today another observation from an administrator regarding update management via WSUS. On a Windows Server 2019, the defaults are set via GPO so that updates are automatically installed every Monday/Thursday at 1am and the server should be restarted afterwards. But with the November 2022 updates this did not work, the installation including reboot happened on Friday from 6pm, the day the administrator had approved the updates on WSUS.
Advertising
German blog reader Leser Joachim has already pointed out the problem in this comment, but then provided me again separately by e-mail with more information. He has posted the issues with Windows Server 2019 update installation in the Spiceworks forum under Windows Server 2019 updated and restarted on the wrong day regardless of GPO. According to Joachim, the following applies:
- Updates should be installed automatically every Monday/Thursday at 1 a.m.
- After the update installation, a reboot should then occur automatically to complete the installation
Updates are managed by WSUS and Joachim has set three WSUS group policies:
- a) A policy that does not install updates automatically. Servers with this setting did not install the updates and were not restarted.
- b) A policy that automatically installs updates and restarts on Monday. This is done by setting the scope to an AD group with these servers.
- c) An update installation policy that works as above, but restarts on Thursday.
Policies b and c worked as expected until the November 2022 updates. However, with the November 8, 2022 updates, it went wrong. With the November 2022 update, the 2019 servers that were supposed to be automatically installed every Monday/Thursday at 1am restarted on Friday (the day the updates were approved) starting at 6pm.
In the event viewer Joachim found the following entry:
System Eventlog ID 1074
The process C:\Windows\system32\svchost.exe (S0****)
has initiated the restart of computer S0*** on behalf of user
NT AUTHORITY\SYSTEM for the following reason:
Operating System: Service pack (Planned)
Reason Code: 0x80020010
Shutdown Type: restart
A check of the AUService using the following power shell command:
Advertising
New-Object -ComObject "Microsoft.Update.ServiceManager").Services | Select-Object Name, IsDefaultAUService
created the following output:
Name IsDefaultAUService ---- ------------------ DCat Flighting Prod False Windows Store (DCat Prod) False Windows Server Update Service True Windows Update False
A query with gpresult /h shows that only the correct GPO is applied to a server that was still restarted on Friday. There are more details listed on Spiceworks, including the GPO defaults. According to Joachim, this constellation worked as desired until the end of October 2022, but failed with the November 2022 updates. His question is whether anyone else has observed this behavior?
Have had similar this month on Server 2019 Standard
The process C:\WINDOWS\system32\svchost.exe XXXX has initiated the restart of computer XXXX on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Service pack (Planned)
Reason Code: 0x80020010
Shutdown Type: restart
Comment
We have the following set:
Configure automatic updating: 3 – Auto download and notify for install
The following settings are only required and applicable if 4 is selected.
Install during automatic maintenance Disabled
Scheduled install day: 0 – Every day
Scheduled install time: 03:00
If you have selected "4 – Auto download and schedule the install" for your scheduled install day and specified a schedule, you also have the option to limit updating to a weekly, bi-weekly or monthly occurrence, using the options below:
Every week
First week of the month
Second week of the month
Third week of the month
Fourth week of the month
Install updates for other Microsoft products Disabled