Stop the "Windows update madness" on WS2016!
Dear Microsoft Windows Server team. We would like _complete control_ over when we would like our our WS2016 to install windows updates! No more slow / timeconsuming server restarts because of "Getting Windows ready. Do not turn off your computer" messages when we just would like a quick restart of a production server.. No more TiWorker.exe using 100% of a CPU core during "*********" and so on.. And please fix the issues with '2017-08 Update for Windows Server 2016 for x64-based Systems (KB4035631)' asap. Thank you.
Patrick I hear you, let's hope that Server 2019 will be better. Infact Server 2016 is a bit like vista and technically old, based on Windows 10 1607, which was not their best release base anyway.
I have good hopes for Windows 10 1809 / Server 2019
Truly a madness.
I manage about 200 Servers myself, 50% 2016 now.
Better go with VMware as a host in the future since MS doesn’t care anymore. You can see this with the massive bugs in 2016:
- DC on 2012R2 backup errors
- 2016 Cluster Crashes because of nics
- Defender and HyperV Replica Bluescreen
We have a lot more MS cases opened with 2016 but they solve nothing, it’s like jumping from one 1st Level to the next 1st Level ... without solutions
Chris Bailiss commented
Windows Server has definitely taken a step backwards with 2016 in terms of performance of system updates. Taking more than an hour prior to reboot, then a further hour for reboot and update completion, is poor.
^^ they probably know but don't have the personel and time to do that. Still I think it has become easier with Windows 10 and 201x Server
I can't believe there are so many people who do not know how to control patch management. What a shame.
I also recommend to install the most recent SSU first before installing any other CU or update.
Steve I absolutely agree I am sure that Server 2016 won't be addressed and MS will focus to fix this in Server 2019 aka 1809 and which is probably also the next LTSB.
This is a sad thing but I doubt they will can handle this using a servcing stack update. BTW have you installed the Servicing stack update on any 2016 Server yet to test if this ease the process? There was a very unknown advisory in the Update History.
Prerequisite: When installing both the servicing stack update (SSU) (KB4132216) and the latest cumulative update (LCU) from the Microsoft Update Catalog, install the SSU before installing the LCU.
Note these SSU (servicing stack update do not come automatically to any Windows Version, neither 1507 (and LTSC), 1511, 1607 (and Server and LTSC), 1703. 1709 and 1803 are not affected
Please give it a try if this fixes your issues.
On my behalf MS should automatically deploy these to anyone needed and code a prerequisite check. Cannot be that hard Microsoft, can it?
Dear Microsoft updates team,
First and foremost, the blind eye that is turned on this issue is VERY poorly received by the community, I work for a larger company with a huge Microsoft server OS contingent 9000+ Microsoft servers 40+ domains and hundreds of thousands of clients, and thousands of admins, patching 2016 VIA WSUS, by using deadlines to auto patch servers, we have the deadlines setup to patch various servers within a system to avoid complete outages, since 2016 has been introduced we can no longer use the patching windows that were initially established, but the push was not a half an hour, it's more along the lines of 3 hours to avoid the service outages, because servers can and will do strange things, like be unavailable, or when they restart they take 20+ minutes to complete the updating windows at startup, the growth of the WSUS database is also problematic, since it is in excess of 500 GB now, going from singular patches to rollups has added a lot of volume to the process and longer patching times, but a rollup applied to a 2012 machine completes in 1/4th the time the same cycle rollup applied to a 2016 machine, I get that the OS is different, but these issues do not go unnoticed by us (your customer) or by our customer, because it introduces a productivity hit to my customer, my co-workers, and all of this is generated by what appears to be a poor patch handling within the 2016 architecture.
I would say that the rollup process for companies that are heavily security minded, might point out that one patch within a rollup that requires an entire rollup to be backed out causes a greater security risk just removing a single patch to correct the issue, but that voice I think has spoken up a few times.
My own PFE told me that he had never heard this before, when we have been talking about it after every patch cycle, which is disparaging to say the least.
Thanks for your attention in this matter
Just had to do updates on a server. One of the VMs failed the same update 4 times, I have had to remove the VMs NIC to get the VM to finally update. 14 hours for updates on the physical box and 2 VMs later and I am annoyed.
Windows 2016 update horrible. BareMetal ... VMs ... doesnt matter, runs for hours. Microsoft, why make all more worse, than it is anyway. Year after year. We pay for this software, its not linux where **** is free (and you know, linux is not ohnly ****). I think every customer could expect a little of value for the money. Its the same over years now: 66% of what you doing ... is scrap. Features, nobody wants. AppStore on a Server, and so on ... ARGHHHHH. Sorry, but thats the truth. Slowly i'm beginning to hate you, and a long time ago I was really pleased about your products. Unforunately you've lost the sense for what a customer stands and what your role is in that game. And mor unfortunaly there is no real way out of this misery ...
I have been having a problem with the update database becoming corrupted. So, the updates install slowly, the server reboots slowly, then the server needs to rollback slowly and reboot (slowly) again. Then I have to intervene to fix the update database. What a headache!!!
I have to agree with all of the comments here. I have several 2016 Hyper-V hosts running 2016 VM's. To patch a single host and 4 VMs can take more than a full day. Why?
The build process has now become impossibly long. It now takes two days to build a 2016HV host, and deploy 2 or 4 VM's on it. Most of that time is waiting for patches to install.
The era of Windows Server (with a GUI) end with 2012 R2.
David, Update log is available only via Powershell. This is a change.
Anonymous try to enable software vGPU on ESX / Hyper-V this should heal your GUI slowness and greatly improve the performance on Citrix for free.
On the topic I am sad that Server 2016 does not offer Edge, as a substitute to IE as IE is still loading while other products are already ready.
So my plea is: faster updates (better utiliziation and GPOs to steer dism / installer worker)
implement Edge on Servers, please.
David Saphier commented
Give us back out WindowsUpdate log as well.
Agree with other people comments here.
Brand new install 2016 servers and then get an update that takes over 2 hours to install and then machine reboots and takes another 35-40 minutes.
We also notice the graphical interface on 2016 as very slow compared to previous - is this why Microsoft is pushing Powershell and nano-server as the GUI is hopelessly poor at performance on 2016. During all the patching etc, CPU, disk usage are barely noticeable
Really sick of waiting 2 hours every month to apply these updates. I have a 3 node Hyper-v cluster, (which freaks out when you use Cluster Aware Updating) and doing one node at a time means 6 hours of applying updates.
Microsoft needs to give us more control over windows update scheduling (ie monthly reboots) and also make these updates install quicker. 3 hours I've been staring at the Getting Windows ready. Don't turn off your computer screen with 2% CPU and 1gb memory being consumed. What is actually going on? Probably nothing but to **** us off.
I agree with Matt, the more I use WS2016, the more I hate it as a server because of the Windows Update problem. Every month I have to wait for it to download updates from WSUS (also a WS2016 server) and while the download from WSUS isn't too bad, it's the super long install of the cumulative updates with the extra long reboot of the server that's a glaring huge problem.
As we continue to replace our older Windows servers with WS2016, updates become more and more time sensitive and while Microsoft may find this hard to believe, we and many, many, other organizations don't have the budget for a fleet of servers with redundancy to the Nth degree to be able to afford to have the downtime imposed by the Windows Update madness that's going on. If we're going to be forced to spend the money on the computing resources to be able to house all those servers, we may as well start deploying more Linux servers where we have FULL CONTROL over what the server does.
The cost of the extra computing power to have all the server redundancy can be easily funneled into converting things over to Linux, and I'm sure Microsoft is already painfully aware that there are likely more public facing servers on the Internet that run other OS's that aren't Windows based.
I have to agree with all the comments I have read and I feel everyones pain, everyday.
The frist suggestion here is this: QUIT treating Server 2016 like it is someones home PC. I am fairly sure that MS2016 Datacenter is NOT a home product.
- GET RID OF DEFENDER - I can provide screen shots of machines utilizing defender with
thousands and thousands of infections - IT HAS NO PLACE ON SERVER !!!
- Next, just to refresh Microsofts memory - Server products are used for critical operations
STOP focring updates and restarts let us choose the times so we can notify critical operation
that restarts are going to happen - you are putting the jobs of professionals in jepardy - We
are tired of being blamed for Microsofts Dictatorship style of ruling!
- FIX IE - just because you have it so locked down upon install does NOT make it a secure
product. Especially when we have to disable all the securtity just to go to Microsofts websites!
You really could learn a thing or two from Chrome and Firefox - they put their customers first.
- STOP moving our tools around, you may enjoy Easter Egg hunts with you kids - BUT NOT at
work in critical situations. You are HURTING the engineers that support you ! Give us
(YOUR MCSE's) the choice of wanting to search for how to do everything or not. Your
screwing with our jobs.
- Try fixing the tens of thousands of bad links on your websites. I really hate the click here for
details or help and all I get is half-@#$ ****.
- How can you have an event ID and source for event log errors that have no information on
- STOP trying to force ****** apps like Defender and IE on us, now it's edge and skype that
you can't unistall.
- Make your System Center products (that you forced us to buy with Datacenter) perform like
your competors tools. After 20 years, DPM still can not restore a single mailbox, let alone a
single email! Everyone else does it, are you to incompetent to give your engineers what they
need? I would be ashamed to have my company name on any of your System Center
I could go on for days writing this, I have been supporting Microsoft WIndows since 3.1 and NT 3.1. So I definately have the background to say "You Treat those of us that support you LIKE TRASH". I am probably one of your oldest engineers, and never, not once, have you ever listened to us. Well, maybe getting us the business verion of XP, but nothing else.
The one thing that keeps Microsoft going is it's engineers and our recomendations. I have news for you, we are fed up with your ****, your incompetence and your forcing garbage on us. Start fixing your products, or you'll end up just like Tandy as we, the engineers start pushing to remove all Microsoft products from our environments.
NOT A JOKE - you better start asking us, the engineers what we want and need in new versions of Server. We use, support, fix, recomend and buy your products. It's time to put us first, Linux is starting to become very attractive.
Sorry to rant here, but I am sick and tired of all the bull. Auditing starts again next week and we will get ripped apart because of Microsoft yet again!