Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Server 2016 Has an Update Problem, Users Say

Posted by msmash on from the closer-look dept.

madsci1016 writes: Frustrated with how long my Windows Server 2016 Essentials was taking to apply weekly updates, I turned to the web. A quick search revealed that I'm not alone. Many people are reporting similar experiences across the web. All sharing stories of weekly patching taking hours and sometimes ending in hung welcome screens. Some of these threads started a year ago and are still active, with no response from Microsoft addressing the issue. If you use Server 2016, have you experienced this problem?

20 of 79 comments (clear)

  1. Re:easy peasy by Anonymous Coward · · Score: 5, Funny

    5ms google search and... https://www.ubuntu.com/server

  2. Re:If it even loads updates by Anonymous Coward · · Score: 2, Informative

    The problem is a bad signature for Windows Defender, you need to check Advanced Options > Load Updates for other Microsoft products

    nothing new here, has been a solved issue for desktop OS for a while

    fwiw, this is what happens when you try to deliver secure products, some people would rather have easy than secure

  3. Re:easy peasy by Anonymous Coward · · Score: 3, Interesting

    If only that worked

    The only thing I have found that will fix it (at least until it decides to say fuck updates again) is manually install the old update it says it needs, manually reset windows update, and then it will usually update normally for a month or two until it breaks again

    This issue has caused our company to no longer deploy server 2016 and fall back to 2012 R2

  4. Windows. has an update problem by Halo5 · · Score: 3, Insightful

    And it's been that way for YEARS. They have yet to get updates right. It's one of the reasons I would NEVER consider running Windows as a server OS. No thanks...

    --
    665: The mark on the forehead of Satan's slightly less evil brother, Stan.
    1. Re:Windows. has an update problem by greenwow · · Score: 5, Informative

      I found a method that's worked every time on >250 servers since I found it a couple of months ago. Before that, I used to have interns just hit retry over and over and over again for days. That was dangerous since we have to give them admin access.

      https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc

      Install the PowerShell module then run:

      Get-WUInstall -AcceptAll -KBArticleID KB

      Updates like KB4088889 that would usually fail dozens of times, always work using that method. It's just too bad that Microsoft can't have Windows Update do what that PowerShell module does so well.

  5. Windows is such a Garbage OS by Anonymous Coward · · Score: 3, Interesting

    Honestly, I can't understand how anyone can feel at ease storing anything of value on Windows.

    It wasn't *always* this bad, but now it's a genuine nightmare. What if you need to travel on short notice during an unscheduled half-day-long update? One you didn't want in the first place? Can you imagine typing up or contructing a whole bunch of stuff, for days or weeks only to have it unaccessible when you need it? Waking up to discover the multi-thousand-dollar machine you bought has suddenly broken itself, by some feat of magic? or maybe suddenly decided it doesn't trust your hardware. Somewhere, during the night, your Personal Computer has become suspicious of you, or your setup. Because it thinks you *might* be trying to prevent Microsoft from collecting maximum revenue.

    This is what it's like to run Windows in 2018.

  6. Re:easy peasy by DraugTheWhopper · · Score: 2

    How about no, this doesn't apply at all to the question as it was asked. Dishonor on you, and dishonor on your cow.

  7. Yes by DraugTheWhopper · · Score: 3, Informative

    2016 definitely has patch speed issues, with the same set of patches taking roughly 20 mins on 2012R2, vs 3+ hours on 2016. So far, this does not appear limited to any particular circumstances, so Essentials suffers the same as Core and Desktop, etc.

    One thing that helps speed it up a little is to manually grab the latest cumulative from the WU Catalog, but this still takes a while.

  8. Windows 10 Desktop Has a Similar Problem by kmassare · · Score: 3, Interesting

    This issue does not appear to be limited to the Windows Server 2016. I have observed 4 hour updates on my wife's Windows 10 desktop and on mine also.

    1. Re:Windows 10 Desktop Has a Similar Problem by rastos1 · · Score: 2

      In my opinion the culprit is Defender. I regularly test installation of a software suite that has the installation source of more than 2GB and it takes forever until W10 decides to actually start the installation. This is the case even though the installed files are signed and were copied from a network share to local disk - which triggers the Defender check first time. And I believe that Defender spends ages to verify even files signed by Microsoft.

  9. Re:easy peasy by Anonymous Coward · · Score: 2, Insightful

    Gosh, if only there was some way to restart a process without cycling power

  10. It's the switch to rollup updates by Bugler412 · · Score: 4, Informative

    I'm senior sysadmin for a mid sized university system, the update times have increased dramatically since the switch to all rollup updates last fall, that a definitely observable fact. I personally have mixed feelings on it, it definitely speeds the initial patch cycle after a new build, but kinda sucks on machines that in production are patched monthly and likely don't require the full rollup, but the individual patches are no longer easily available. One adjustment we've had to make is to increase the allowable time window that we used to allow for patch installation via our SCCM delivered packages, as well as some minor adjustment of placement of patching windows within our scheduled maintenance windows to ensure that the patches complete in the allowed time.

  11. 30 second guide to troubleshooting Windows Updates by ElizabethGreene · · Score: 4, Informative

    PSA/Community service:

    Here's the missing quick reference card for Windows updates.

    If the problem is detecting or downloading the updates, run the powershell command get-windowsupdatelog to make a human readable log file on your desktop. (That half-grumbled thought that just went through your mind.. I agree.)

    If the problem is installing an update, the Content Based Servicing (CBS) logs in c:\windows\logs\cbs contain literally insane amounts of data including occasionally a useful error. These are big enough that they choke some text editors. Notepad++ handles them well. (Protip:I grep -v ", Info " to get some idea of what I'm looking for, then dig in with the editor.)

    If the problem is installing a driver, those errors end up in c:\windows\inf\setupapi.dev.log.

    If the problem is with a feature update:
    C:\$Windows.~BT\Sources\panther\setupact.log
    C:\$Windows.~BT\Sources\panther\miglog.xml
    C:\Windows\setupapi.log

    If you get an error code like 0x80070005 that you want to decode to a human readable message you can try Err.exe, the "Microsoft Exchange Server Error Code Look-up" tool. e.g. running err.exe 0x80070005 tells me that winerror.h defines this as E_ACCESSDENIED.

    HTH.

  12. Re:easy peasy by Waffle+Iron · · Score: 5, Informative

    Ubuntu wants to update 1-2 times a week

    True enough.

    , and always wants to reboot after.

    Not so true. It needs to reboot after kernel updates and a few other obscure cases. That's more like once every 2 or 3 weeks.

    But more importantly, with Linux, it's just a normal reboot. With WIndows, they put you in a special update purgatory for some unpredictable amount of time both before and after the reboot, possibly well over an hour: "Windows is doing updates XX% done. Do not turn off your PC".

    It's frigging 2018, and they've never figured out how to fix this despite pocketing countless $Billions peddling this OS. WTF?

  13. Re:30 second guide to troubleshooting Windows Upda by Hognoxious · · Score: 2

    Why the hell should I need a separate tool just to convert an error code number into an almost helpful string?

    Bastards, copying Lennux again.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  14. Re:30 second guide to troubleshooting Windows Upda by Anonymous Coward · · Score: 2, Informative

    If you don't want to download a seperate tool to decode error messages, you can use certutil:

    C:\>certutil -error 0x80070005
    0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED) -- 2147942405 (-2147024891)
    Error message text: Access is denied.
    CertUtil: -error command completed successfully.

  15. Re:easy peasy by bangular · · Score: 3, Insightful

    I haven't done Windows administration in a few years, but I'm on the receiving end of Windows update on two PCs as a user. Apt is a brain dead simple package manager compared to the sophistication of windows update.

    In practice, apt is much faster and more predictable. I just received notice of updates for about 60 MB of updates in ubuntu. These took less than a minute to download and install. During the process, I was treated like an adult and the package manager let me know which package it was working on and whether it was downloading or installing. One of the most frustrating things with windows update is not knowing how long it will take. The second most frustrating thing is not knowing if it's stuck or just working on something that takes a long time.

  16. Re:easy peasy by chrish · · Score: 5, Insightful

    Got a decent (that is, less awful to set up, configure, and administer) replacement for Exchange/Outlook?

    I mean, MS is trying to make this easier for us by having Windows Server and Outlook constantly get worse (our two most common platforms are Mac OS X and Android; Outlook is half-assed garbage on Mac and a complete joke on Android).

    My yearly search for a decent email client always leads me back to Thunderbird, which is fine, but the mess of ultra-complex garbage suggested to replace Exchange is insane. We've got a hosting company to look after AD and Exchange for us, so a replacement has to be easy.

    G-Suite might do it, but we need self-hosted, we don't want Google reading all of our email and whatnot.

    --
    - chrish
  17. Cumulative update have serious problems by NormAtHome · · Score: 2

    There appear to be several problems, not just one. But the biggest on the two Windows Server 2016 that I manage, cumulative updates downloaded with Windows Update definitely have issues installing and more often than not fail, if they fail to install I've found the workaround is to manually download the update from the MS website and install it using the stand alone installer. So far I've found this to work if the Windows update fails.

  18. Re: easy peasy by andrew.j.borell · · Score: 2

    No, it is just that easy. And forget about OX if you dont have 10,000 users unless you want to go full cloud. Deploying dovecot and postfix on a headless ubuntu server is well documented. If you dont ldap, then ispconfig is super easy and covers all your basics. Otherwise, certs are covered by letsencrypt/certbot. Postfix smtp is protected by saslauthd. Spamassasin is called on-demand by amavis and updates each night. Just need to be sure you have your own local caching server for DNS or your free spamhaus RBL will not work very well if at all. An affordable groupware that I think is well rounded is OnlyOffice -- it's super nice and partially integrates with nextcloud if you are into that. Also in place of activesync you can use Z-push. There is literally an alternative for everything if you are brave enough to RYO and work out of command line to create inboxes and aliases cuz I have never seen a good ui outside of full blown groupware.