When Did Server 2016 decide not to let me apply updates?


  • Service Provider

    Server 2016, AD joined, but no WSUS.

    It updated and rebooted itself.

    I was just logging in today to do the September updates.

    and got the pop up that it has rebooted for updates. WTF>

    0_1537049189695_1b1f4f16-ec39-4996-a88f-e5f973fe5f83-image.png

    This is only a basic IIS server, so not really any problem with it doing it by itself, but I have other servers on this network, current 2012 R2, that I was going to be upgrading to 2019. But now I might not.



  • @jaredbusch said in When Did Server 2016 decide not to let me apply updates?:

    Server 2016, AD joined, but no WSUS.

    It updated and rebooted itself.

    I was just logging in today to do the September updates.

    and got the pop up that it has rebooted for updates. WTF>

    0_1537049189695_1b1f4f16-ec39-4996-a88f-e5f973fe5f83-image.png

    This is only a basic IIS server, so not really any problem with it doing it by itself, but I have other servers on this network, current 2012 R2, that I was going to be upgrading to 2019. But now I might not.

    It might be unrelated but I had the computers in our domain without WSUS and had Deferred 1803 and on the September updates my devices applied 1803 and reboot and applied the Cumulative update without any approval as well...


  • Service Provider

    @dbeato I don’t have anything deferred. Also, Server 2016 Standard. Not a damned desktop.



  • @jaredbusch said in When Did Server 2016 decide not to let me apply updates?:

    @dbeato I don’t have anything deferred. Also, Server 2016 Standard. Not a damned desktop.

    Okay, I said it was slightly unrelated but going on the Server edition and to not continue to derail the post, what is the Update setting, Automatic, Download Onky or Manual updates on this server?

    sconfig even on Server 2016 standard can give you the option.



  • @jaredbusch said in When Did Server 2016 decide not to let me apply updates?:

    Server 2016, AD joined, but no WSUS.

    It updated and rebooted itself.

    I was just logging in today to do the September updates.

    and got the pop up that it has rebooted for updates. WTF>

    0_1537049189695_1b1f4f16-ec39-4996-a88f-e5f973fe5f83-image.png

    This is only a basic IIS server, so not really any problem with it doing it by itself, but I have other servers on this network, current 2012 R2, that I was going to be upgrading to 2019. But now I might not.

    What do your settings say? How long has it been since the last updates?

    Even if you don't have a WSUS server, you can still set a group policy up to point to a fake one with all the appropriate settings (I think ,I don't believe it "checks"... if so just install the role and leave it dead). Then it will never update, until you manually go in and click the option to check "online" for updates.



  • We have a set of Group Policy Objects that are set up at the domain level with WMI filters in place for two of the three.
    The first has all of the key settings for updates that are shared across the board.
    The second using a WMI filter to point only to desktop operating systems with the necessary settings in place for all desktop OS versions that we manage.
    The third is for server operating systems only. It delimits to download but not update automatically along with a few other settings.

    We've been using this setup since I can remember and not once have we hit servers auto-installing and rebooting. It's too risky for that to happen.