Skip Ribbon Commands
Skip to main content

Quick Launch

Todd Klindt's home page > Todd Klindt's SharePoint Admin Blog > Posts > SharePoint Patches are Now Part of Windows Update, For Real!
February 12
SharePoint Patches are Now Part of Windows Update, For Real!

Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.

Starting with the February 2015 CUs, all the SharePoint patches will try to sneak onto your unsuspecting SharePoint servers via Windows Update. Here’s a snippet from Stefan Goßner’s blog post on the matter:

“Be aware that starting with February 2015 CU SharePoint Product Updates including non-security product updates will be made available via Windows Update.”

He included a screenshot to really drive home the horror. Here’s my version of this:

image

Not only do the SharePoint patches show up in Windows Update, they show up as Important updates. That means Windows Update will install them when it gets a chance without warning you at all. As a guy that maintains a wiki whose sole purpose in life is to document problems with SharePoint patches, this gives me the willies. The files highlighted above are the same files that would be installed if you installed the February 2015 CU packages. The CU just puts them in one (or two) big files. What does this mean for you, the harried SharePoint administrator? Allow me to address that in the form of Frequently Asked Questions, that I actually have not actually been asked.

Q1) Is this real? Are you fooling me? Am I on TV? Where are the cameras?

A2) I assure you, this is all real. No screenshots were harmed in the making of this blog post.

Q2) How does this impact my Windows Update settings on my SharePoint servers? I’m scared, hold me!

A2) My lawyers have advised me that cuddling with my readers is strictly forbidden. No exceptions. However, I can help with the Windows Update settings part. Because of problems I’ve had in the past, for years I have recommended not allowing Windows Update to automatically update your SharePoint servers. I set all of mine to “Download only.” This only reinforces my feelings on that. Of course then you have to be diligent about going in and manually installing the patches on all of your servers, every. single. month. That’s a lot to remember.

A better solution is to start using Windows Server Update Services (WSUS) to distribute Windows and SharePoint patches to your servers. This gives you central patching control of all of your servers. In my opinion it’s better than not patching your servers and it’s better than letting SharePoint get patched every month.

Q3) If these patches are installed via Windows Update do I still need to run the Config Wizard after they’re installed?

A3) Absolutely. This requirement has not changed. SharePoint will run, mostly happily, with the binaries updated but without having run the Config Wizard. It’s not a great place to be in, but it will work. You shouldn’t have to worry about your SharePoint farm falling on its face immediately after the patch is installed, at least not because of the Config Wizard hasn’t been run. However, to prevent weird issues from popping up, it’s best to run the Config Wizard as soon as possible after any patch is installed.

Those are all of the phony FAQs I can dream up for now. If you have more questions, throw them in the comments below. I may add them to the article.

Thanks, and happy patching, intentional or not. Smile

tk

ShortURL: http://www.toddklindt.com/SharePointPatchesInWU

Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.

Comments

Fuuuuuuudddddggeeee

Only I didn't say fudge.

Terrible move on Microsoft's part especially since they don't both explaining why they thought this was a good idea when every SharePoint professional knows it is a bad idea and disables Windows Update on their SharePoint servers.
 on 2/13/2015 7:51 AM

What an absolutely horrible idea!

In environments where the SharePoint Admins control Windows Update this might not be a big deal. However, in tightly controlled environments where they do not, this could spell disaster.
 on 2/13/2015 8:32 AM

Re: What an absolutely horrible idea!

I'm not a fan yet of the idea. I'm curious to see how it all plays out.

tk
Todd O. KlindtNo presence information on 2/13/2015 8:46 AM

Is this really new?

The last couple of months I would get occasional SharePoint updates through Windows Updates. I'd then get errors in CA and run the configuration wizard. I wonder if I was being a guinea pig. All my updates are set to download only. Stay vigilant!
 on 2/13/2015 9:05 AM

Why is this news?

We've been experiencing this update behavior at least since late 2014. Things started to act weird in SharePoint and it was because CU's  were being deployed into out SP servers behind our backs. I'm the SharePoint admin, but I don't have control over the patching of our windows servers.
 on 2/13/2015 9:40 AM

Is this really new? / Why is this news?

It's news because in the past it was a one-off thing. Sometimes SharePoint patches were included in Windows Update. Sometimes they weren't. We never knew what was going on. Now we know for sure. They will be there. Adjust your servers or clench accordingly.

tk
Todd O. KlindtNo presence information on 2/13/2015 11:10 AM

Will WU properly detect rolled-up updates?

My customers have a number of SP updates waiting to be installed via Windows update. I've told the customer to install the non-SP updates only and leave the SP updates alone. I still prefer find a stable build and stuck to it, and to update SP using only service packs or CU packages.  I predict this change from Microsoft is going to result in a lot of broken farms, based on the number of admins I've met whose method is "check all the boxes and hope for the best".

Questions:
 I wonder if windows update properly detects hotfixes that have been rolled into CU's? 
What if you tell WU to install OS and Security updates only (I.e. Don't install product updates). Would that exclude SP?  I haven't tried that yet.
 on 2/13/2015 5:44 PM

Can we uninstall to roll things back?

I'm not a fan of this. I'm wondering whether I can uninstall Windows-based SharePoint updates to get things back if the updates affect my SharePoint.

Regards,
-T.s
 on 2/15/2015 1:26 AM

This caused me big issues last week

I had this issue last week, and noticed these patches being pushed down to one of my SP2013 farms. One of the updates removed the "SpDataAcces" role to the Profile database for most of my web app pool accounts, which caused the Newsfeed web part to stop working. This meant that anywhere that this webpart existed, the page wouldn't render. Keep an eye out in your ULS logs for this type of messages if you get the same type of issue: "SqlError: 'The EXECUTE permission was denied on the object 'Admin_GetPartitionProperties', database 'ServiceApp_Profile_DEV', schema 'dbo'".

Andy Talbot
 on 2/16/2015 2:40 AM

You're famous!

 on 2/17/2015 1:24 PM
1 - 10Next

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Title


Body *


Today's date *

Select a date from the calendar.
Please enter today's date so I know you are a real person

Twitter


Want a message when I reply to your comment? Put your Twitter handle here.

Attachments

 

 Please Support my Sponsors