Installation and Patching

How can we improve the installation and patching of Windows Server?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. More that "Preparing" in Server 2016

    When patching Windows Server 2016 (maybe 10 as well) it always says "Preparing to install". Doesn't matter if it's checking for updates, downloading updates, or installing updates. It always shows "Preparing to install". Right now I'm patching three new Server 2016 VM Templates and they all show "Preparing to install updates xx%".

    Can we please go back to the Win2012 and previous messages that showed what was actually being done, not what we're preparing for?

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
    • Show more detail when installing updates during shutdown/reboot

      Installing a Windows Server 2016 cumulative update (e.g. after setting up a new server) can take pretty long. After a few minutes, the unchanging message "Getting Windows ready / Don't turn off your computer", despite its looping dots, stops inspiring confidence that progress is being made.

      Monitoring %windir%\Logs\CBS\CBS.log helps slightly, at least until "CommitPackagesState: Started persisting state of packages".

      I would therefore request that
      * on Windows Server, and optionally on Windows 10 as a configurable option, the "Getting Windows ready" screen shows additional detail, similar to the output in CBS.log (e.g. "processing package 1564/7144 for KB4025339")
      * if possible,…

      20 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
      • installation of kb4038777 on 2008 R2 domain controllers causes LDAP to break for certain applications.

        after much troubleshooting this morning, we were forced to uninstall kb4038777 on our 2008 r2 domain controllers and restart them. it appears LDAP authentication is failing over port 389 for a handful of our applications, as well as our production mailarchiva instance.

        was curious if anyone else had seen / experienced similar.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
        • KB4035036 - .NET Preview August 2017 for .NET 4.6.1 installs .NET 4.7 DLLs

          Hi All,

          it looks like that ndp46-kb4033990-x64 one of the Updates included in
          KB4035036-August 2017 Preview of the Quality Rollups for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (https://support.microsoft.com/kb/4035036)

          patches the wrong .NET 4.6.1 DLLs on a Windows 2008 R2 Server.

          Registry sill says .NET 4.6.1 (394271) is installed, but

          the new patched files have a signature from 4.7.
          For e.g: mscorlib.dll has after the patch 4.7.2106.0.

          There a some third-party products, that have problems with .NET 4.7, like OpenEdge Progress.(https://knowledgebase.progress.com/articles/Article/gui-net-application-crashes-after-net-upgrade-to-4-7).

          And after…

          2 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
          • KB3213986 Causes Logon Failures When Starting BITS Service - Please fix

            After installing update KB3213986 on Server 2016 Desktop Experience, a failed logon is logged every time the BITS service is started.

            Failed Logon Event:
            Log Name: Security
            Source: Microsoft-Windows-Security-Auditing
            Date: 2/27/2017 1:27:10 PM
            Event ID: 4625
            Task Category: Logon
            Level: Information
            Keywords: Audit Failure
            User: N/A
            Computer: PLB-DXX-TP01.dev-products.local
            Description:
            An account failed to log on.

            Subject:
            Security ID: SYSTEM
            Account Name: PLB-DXX-TP01$
            Account Domain: DEV-PRODUCTS
            Logon ID: 0x3E7

            Logon Type: 5

            Account For Which Logon Failed:
            Security ID: NULL SID
            Account Name: -
            Account Domain: -

            Failure Information:
            Failure Reason: An Error occured during Logon.
            Status: 0xC0000073
            Sub Status: 0xC0000073

            34 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              19 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
            • KB4015553 on Windows Server 2012 R2 with SQL 2008 R2 creates System Kernel Process Handle/Thread Leak

              KB4015553 on a Windows Server 21012 R2 with SQL 2008 R2 creates a System Kernel Process Handle/Thread Leak. It is easy to see in the Task Manager after adding the Handle/Thread count columns. The counts increase nearly 1 per second until the OS and system is unresponsive and collapses.

              Another indicator is in the event logs, 4231 events appear: Description:
              A request to allocate an ephemeral port number from the global TCP
              port space has failed due to all such ports being in use.

              But the ephemeral port alert is not the root cause.

              7 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                4 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
              • Remove supersedence logic from Server 2012 R2 security patches

                Currently the non quality security updates are superseded by the security quality updates. This causes most of the standard reporting to break for companies that do not need or want the quality updates for security patches. 3rd party scanners also will show servers as non patched if a company only installs the non quality package. Please do not set the quality updates to supersede the non quality updates. This will prevent companies from having to spend large amounts of development time to rework their processes that worked for several years.

                6 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
                • Configuration process - wait for Update to complete, before "auto-restart"

                  Hi Dev Team,

                  Configuration process (Add / Remove Roles) should check if Updates are being downloaded / installed, before restarting the system.

                  Cheers

                  4 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
                  • Give us back lightning-fast Updates

                    Consider having the entire Component-based Servicing Infrastructure running from RAM if available and as far as is possible.

                    I've done extensive analysis and testing to what CSI is actually doing. While no doubt it is much much more secure/reliable then for example WinXP updates were, it does have a significant drawback, which hurts even more in Virtualization. Let me ask you: What do you commonly have enough of in Virtualization ? CPU ? Yes, Mem. ? Usually, also yes, Network ? Usually, yes, Disk I/O ? NO. Usually, disk I/O is the common bottleneck in most Virtualization-environments I've come across…

                    11 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
                    • Resume monthly Windows Update rollup releases for Windows 2012R2

                      The monthly Windows Update rollup releases greatly sped up creating a machine from scratch, upgrading an image to latest, and just patching machines. These rollups ceased shipping in December 2014. There has been no rollup release in over 14 months for the current latest production server OS from Microsoft.

                      This translates to over a hundred updates (about 150 past the last rollup) and a few reboots, multiple ngen passes for .Net that aren't needed. Only the last of these time-costly operations needs to run, a handy side-effect the rollup has.

                      Instead on thousands of tens of thousands of sysadmins spending…

                      26 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        3 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
                      • 44 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          2 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
                        • Stop advertising unnecessary updates for server OS

                          Each month for the last 2 years, a manual check of Microsoft Update reveals a lot of what I call junk or unwanted updates. For example, why in the earth should a Win2008/2012 server receive updates related to Surface3? Or why is some obscure critical updates presented on an English Server OS, when the fix is for some excotic Chinese languge setting? If somebody would really ready all the KB articles that follow each month, you would be really astonished over the sheer number of unwanted updates. And it takes time to download, deploy and install. Not a problem if…

                          9 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
                          • Fewer restarts for updates

                            There should be fewer restarts for updates. Especially for storage servers and network routers it's a hassle to reboot.

                            Clustering all relevant servers is too much a hassle.

                            85 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              2 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
                            • Don't see your idea?

                            Feedback and Knowledge Base