DavidYorkshire
Steel Contributor
Dec 17, 2024

Servers not rebooting following update (WSUS)

Has anyone else encountered an issue with servers sometimes not rebooting straight away following an update installed via WSUS? It sits at restart pending for 24 hours, until the next update check is due, then reboots.

This is particularly an issue with terminal servers because (for reasons best known to Microsoft), these offer ordinary users the option to update and restart (under normal circumstances, only an admin has the restart option visible). So there is a whole day where one person could inadvertently reboot a terminal server, thereby potentially causing others logged in to lose what they are working on.

I've trawled through the event log on an affected server, and I can't see any clear reason why it doesn't reboot immediately on all occasions (with some updates it does reboot - this behaviour is not consistent).

The affected updates seem to be .NET monthly cumulative ones, but I can't say for sure whether it's only them affected, nor is it clear whether only terminal servers do this (I hope to clarify this with testing over the next few weeks). However, either way it's the terminal servers which are the problem - the other servers are only accessible by admins, who know not to reboot them during working hours unless really necessary.

Thanks

  • kyazaferr
    Steel Contributor

    Check Windows Update Registry Settings

    # Check if NoAutoRebootWithLoggedOnUsers is enabled
    reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers

    • Review Group Policy Settings:
      • Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update
      • Check "No auto-restart with logged on users for scheduled automatic updates installations"
      • Also verify "Configure Automatic Updates" settings
    • For Terminal Servers specifically:
      • You could create a custom Group Policy to hide or disable the restart option for non-admin users:

        # Via Registry
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoWindowsUpdate /t REG_DWORD /d 1

    • To force immediate restarts after updates:

        # PowerShell script to check for pending reboots and force restart
        # Get-WURebootStatus is provided by the PSWindowsUpdate module
        Import-Module PSWindowsUpdate
        if (Get-WURebootStatus -Silent) {
            Restart-Computer -Force
        }

    • For monitoring and diagnosing:
      • Check CBS.log (C:\Windows\Logs\CBS\CBS.log)
      • Review WindowsUpdate.log (use Get-WindowsUpdateLog to generate on newer systems)
      • Monitor Task Scheduler for Windows Update related tasks
    • DavidYorkshire
      Steel Contributor

      Thanks. The registry and GPO settings you mention at the beginning of your response all look fine (we had already checked those, and I've just done so again).

      As regards the setting for using a GPO to add the NoWindowsUpdate registry entry, isn't that going to prevent updates from installing at all? We don't want to do that - the issue is with the pending reboots after an update not happening for 24 hours.

      Thanks
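
A read-only check that gathers the policy value queried in the answer above together with the standard pending-reboot registry markers and recent restart events, as an added example that is not part of either poster's text. The function names are hypothetical, and the extra registry locations and event ID 1074 are assumptions not taken from the thread.

```powershell
# Added example: read-only report, makes no changes to the server.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$policyNames = 'NoAutoRebootWithLoggedOnUsers', 'AUOptions', 'ScheduledInstallDay',
               'ScheduledInstallTime', 'AlwaysAutoRebootAtScheduledTime'

function Get-AuPolicyReport {
    # One row per policy value; '(not set)' means no value exists under the AU policy key.
    $values = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    foreach ($name in $policyNames) {
        $v = if ($values -and $null -ne $values.$name) { $values.$name } else { '(not set)' }
        [pscustomobject]@{ Setting = $name; Value = $v }
    }
}

function Get-PendingRebootSource {
    # Each marker is written by a different component, which shows what requested the restart.
    $wu  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $sm  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WindowsUpdateAgent = Test-Path $wu
        ComponentServicing = Test-Path $cbs
        PendingFileRename  = [bool]$sm.PendingFileRenameOperations
    }
}

function Get-RecentRestartRequests {
    # Event 1074 in the System log records which process and user initiated a restart.
    param([int]$Days = 7)
    $filter = @{ LogName = 'System'; Id = 1074; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object -First 5 TimeCreated, Message
}

Get-AuPolicyReport        | Format-Table -AutoSize
Get-PendingRebootSource   | Format-List
Get-RecentRestartRequests | Format-List
```

Running it on an affected terminal server while it sits at "restart pending" and again on a server that rebooted promptly gives two outputs to compare.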
