We discussed internally at my company (and I think here on Connect at some point) a way to improve patch application success rates, particularly on the server side. The basic mechanism would be to set the Patch Agent policy to a "manual" install (by setting a scheduled time far in the future). Then the patches would be deployed as usual to the machines while leaving sufficient time to download, etc. The actual patch installation would be initiated by a Software Delivery task that would run a script (most likely for improved error handling and SQL instance determination) or batch file that would stop all the potentially impacted services (SQL, IIS, Exchange, etc etc) then run AeXPatchUtil.exe /Xa /reboot /q to install the patches and immediately reboot.