Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Patching servers with manual reboot

Created: 24 Dec 2012 | 12 comments

I want to be able to push patches to a group of servers but not automatically reboot.  I want to be able to reboot them manually when I'm ready.  I thought by not having "Allow immediate restart if required" checked in my software policy would prevent a reboot.  But after trying it over the weekend that is clearly not the case!  Is there a way to push patches and not have the machine auto reboot?

 

Comments 12 CommentsJump to latest comment

EMercado's picture

You need to modify your Software Update Plugin policy. Under the Restart Defaults section, set it to Never. That should stop your machines from rebooting after patch runs.

bbullers's picture

I found what you're talking about.  However I don't want to change it for all machines.  I want all the PC's and some of the servers to be able to auto reboot.  Just a select group of servers I don't want to auto reboot.  How can I acheive that?

BugTastic's picture

You would need to create a filter (if theres not one already) for the specific machnes. And create a new  polciy for each filter....

e.g.

Server batch 1 - Policy 1

Server batch 2 not reboot - policy 2

windows XP - policy 3

Windows 7 - policy 4

Withing each policy for each group you can define if they should be rebooted or not.

Does that make sense ?

Joe.

 

 

bbullers's picture

I found an answer.  I cloned the default software update plug-in policy.  Renamed it accordingly and applied it to my group of servers for manual reboot.  I changed 'allow to restart after installation' to never.  I made some mods under notification tab to display a message and delay the reboot.  Seems to work.

Charlie D Tran's picture

Hi there,

I learned a lot from this subject Q&A. However, for policy of servers that required manual reboot, what if we have 5 updates which require reboot to be completed, say first one got installed and require reboot, but have to wait for manual reboot, the other 4 updates would be stalled and can not get intalled?

Please advise.

Thank you,

Charlie

Roman Vassiljev's picture

Hi Charlie,

what if we have 5 updates which require reboot to be completed, say first one got installed and require reboot, but have to wait for manual reboot, the other 4 updates would be stalled and can not get intalled?

I think other updates will be installed and then each of them will require reboot. As soon as reboot occurs, installations of all 5 updates will be completed.

Thanks,
Roman

Charlie D Tran's picture

Hi Roman,

Thanks so much for your prompt reply.

1/ Your answer: I think other updates will be installed and then each of them will require reboot. As soon as reboot occurs, installations of all 5 updates will be completed.

---- I guess all updates will be installed one at a time on Windows server. Say, KB123456 installed and pending on reboot to complete on server abcde, and KB789000 would go on next to be installed on server abcde while KB123456 is still pending on reboot?

 

2/ What if we can not reboot at all for production servers that have applications running in single node and not H/A clustered.

 

Please advise.

 

Thanks so much, Roman, for your great support

Charlie Tran

 

Roman Vassiljev's picture

Hi Charlie,

I guess all updates will be installed one at a time on Windows server. Say, KB123456 installed and pending on reboot to complete on server abcde, and KB789000 would go on next to be installed on server abcde while KB123456 is still pending on reboot?

Usually installation of updates require reboot in order to update some files in case if these files cannot be updated without restarting.
I guess if one update is pending reboot, another patch still may be installed, because it updates other files.
May be there are some specific scenarios, when some update will not be able to install until machine is restarted, but it depends on concrete updates. In this case such update may be installed after reboot.

What if we can not reboot at all for production servers that have applications running in single node and not H/A clustered.

Unfortunately I don't have answer. Some patches require reboot and I don't know if there is workaround to avoid machine restarting.

Thanks,
Roman

oi_son's picture

Hi everyone,

Every so often I come across some patches that when they are installed do an automatic reboot on the machine. This is the patch that is doing the reboot and not Altiris. It doesn't happen all the time only every now and then with some patches. Just something to keep in mind.

Regards
Jason

Charlie D Tran's picture

Hi Jason,

Thanks so much for your notification. I guess if that was the case, Altiris should come up with a solution to supress the auto reboot initiated by those special patches. If not, we are here would be dead if one of the production servers went down without notice or not gracefully shut down (applc, scheduled servies, back-end) while serving world-wide and we can not afford H/A clustered due to legacy codes and other constraint.

Please help to comment if anyone have any work around in Altiris environment, please.

 

Thank you,

Charlie Tran

bbullers's picture

This is what has worked for me. Clone the default software plug-in policy.  Set "allow restart after installation" to never.  Also unser the notification tab, I set allow user to defer 7 days.  That way a message pops up on the screen and I do a restart manually when I want to.  Apply this policy to the group of servers you want to manully reboot.  However I'm fairly new to this so I can't say it never auto reboots.  But in my tests it has worked so far.  This weekend will be a good test when I push patches to our servers.

Charlie D Tran's picture

Hello all,

 

Thank you so very much to all, for your comments and work-around options. I highly appreciate that .

Charlie Tran