Mar 15 2021 12:40 PM - edited Mar 26 2021 04:39 PM
Hello,
We have about 60 Windows 2012 R2 and 2016 servers for manufacturing lines that operate 24/7. These servers seem not to have been updated at all since 2018. I have to plan how to update these servers as fast as I can without impacting or breaking the applications running on them. There are lots of old .Net developed applications and PLC software.
Windows 2012 R2 server patch strategy:
So, I would like to apply Security Only Updates to the server, but since each patch has only that month's security patches, I would have to apply all security patches from 7/2016, which is almost impossible.
So, I have to update the server with the 3/2021 Monthly Rollup, which has cumulative updates from 7/2016.
Question 1. Microsoft says the Monthly Rollup contains other updates along with the security updates. Does it contain other updates such as Flash, .Net, and others which may break my old .Net applications installed on the server? I would like to bring the server up to date, but with the least impact on the server.
Question 2. For critical 24/7 operation servers, do you guys install Security Only Update or Monthly Rollup regularly?
Windows 2016 server patch strategy:
Microsoft seems to have changed the update scheme and there's only the Monthly Rollup.
Question 3:
If so, and you want to patch your server with the least risk, how do you patch your 2016 servers? Do you just apply the Monthly Rollup, and have you found any issues?
Thank you in advance.
Updates:
I patched 30 Windows servers 2012R2/2016 with monthly rollups 1 week ago, no issue so far.
-2012 R2: Feb 2021, 0.5GB, took 15 minutes
-2016: Feb 2021, 1.5GB (you need to install the latest SSU (Servicing Stack Update) before applying the monthly rollup), took 40 minutes.
As I researched, the Monthly Rollup contains reliability updates besides security updates, but not .net or other application-related updates, so it's quite safe in that it will not break existing application states. I had lots of issues with Windows updates breaking applications on Windows 7/2008, but Microsoft seems to be doing quite well at making the monthly rollup stable. .net has its own update history and a separate channel.
Mar 15 2021 02:19 PM
The software manufacturer should maintain a list of supported patch levels, so I'd ask them or check their site (Rockwell does this). You could also test in an isolated environment.
Mar 15 2021 02:47 PM
Mar 15 2021 02:51 PM
Solution
"I am not sure what will happen if I don't install the Security Only Updates prior 8/2020"
It won't hurt to try, if there's a prerequisite or requirement then the update will throw "not applicable" and exit.
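The install order and the "not applicable" result discussed in this thread, as an added example that is not part of any poster's message: a PowerShell sketch that installs the Servicing Stack Update first, then the Monthly Rollup, and decodes the wusa.exe exit code. The function name `Install-Msu` and the parameters `SsuPath` and `RollupPath` are hypothetical; supply the .msu files that match your OS build.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Install-Msu, SsuPath and RollupPath are
# hypothetical names; pass the .msu packages downloaded for your OS build.
param(
    [Parameter(Mandatory)][string]$SsuPath,
    [Parameter(Mandatory)][string]$RollupPath
)

function Install-Msu {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Package not found: $Path" }

    # /norestart: never reboot a 24/7 production server from inside the script.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru

    # wusa.exe returns Windows Update result codes; render as hex for lookup.
    $hex = '0x{0:X8}' -f $proc.ExitCode
    $status = switch ($hex) {
        '0x00000000' { 'Installed' }
        '0x00000BC2' { 'InstalledRebootRequired' }   # 3010
        '0x00240006' { 'AlreadyInstalled' }
        '0x80240017' { 'NotApplicable' }             # update does not apply here
        default      { 'Failed' }
    }
    [pscustomobject]@{
        Package = Split-Path -Path $Path -Leaf
        Code    = $hex
        Status  = $status
    }
}

# Step 1: servicing stack first. NotApplicable is treated as non-fatal here
# (assumption: a newer SSU is already present), so only a hard failure stops.
$ssu = Install-Msu -Path $SsuPath
$ssu
if ($ssu.Status -eq 'Failed') {
    throw "SSU install failed ($($ssu.Code)); not attempting the rollup."
}

# Step 2: the monthly rollup. NotApplicable here usually means a prerequisite
# is missing or the package targets a different OS build.
$rollup = Install-Msu -Path $RollupPath
$rollup

if (@($ssu.Status, $rollup.Status) -contains 'InstalledRebootRequired') {
    Write-Warning 'Reboot pending: schedule it in a maintenance window.'
}
```

Run it on one test server first and keep the emitted objects as a record of what was installed and which code each package returned.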
Mar 26 2021 04:32 PM