Azure ARC servers installing updates, when they are not part of a maintenance plan.

David 1 Reputation point
2022-09-18T22:37:34.193+00:00

We have had a serious issue with Azure ARC servers installing updates, when they are not part of a maintenance plan. Their local WindowsUpdate.log indicates that the AzureHybrid worker client service is triggering the installations.

We have been trialing scheduling scheduled maintenance configuration windows on low impact servers, however some random high impact servers have been running the updates – These servers were not added to the configuration, and they do not show in the Update Management Center history node. This is concerning.

Have also seen servers continue to install daily definition updates even after being removed from the maintenance configuration. The only way to stop them has been to delete the empty maintenance configuration object.


2 answers

  1. Maxim Sergeev 6,566 Reputation points Microsoft Employee
    2022-09-19T21:55:28.697+00:00

    Hi @David ,

    You mentioned "Update Management Center", which is not leveraging the AzureHybrid worker service (I assume you are referring to Azure Hybrid Worker server roles).
    It means you may have configured Update Management (not Center!), which is version 1 of Update Management and uses Azure Hybrid Worker server capabilities to trigger an installation of the updates. Please switch from Update Management Center to Update Management first and check all schedules in Update Management v1 (this is a part of the Automation Account service).


  2. David 1 Reputation point
    2022-09-26T22:45:38.897+00:00

    Thanks, @Maxim Sergeev . That pointed me in the right direction. There was some legacy configuration someone else had set up in Azure Automate.
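
The check suggested in the first answer (review every Update Management v1 schedule held in an Automation account) can be scripted. The following is an added example, not code from either participant in this thread. It assumes the Az.Accounts and Az.Automation modules, a session already signed in with Connect-AzAccount, and the property names of the Az.Automation output objects; confirm them against your module version.

```powershell
# Added example: inventory Update Management v1 deployments (software update
# configurations) in every Automation account of the current subscription,
# then show the ones that can reach non-Azure machines such as Arc servers.
$report = foreach ($account in Get-AzAutomationAccount) {
    $configs = Get-AzAutomationSoftwareUpdateConfiguration `
        -ResourceGroupName $account.ResourceGroupName `
        -AutomationAccountName $account.AutomationAccountName

    foreach ($config in $configs) {
        $update = $config.UpdateConfiguration
        [pscustomobject]@{
            AutomationAccount = $account.AutomationAccountName
            ResourceGroup     = $account.ResourceGroupName
            Deployment        = $config.Name
            OperatingSystem   = $update.OperatingSystem
            Enabled           = $config.ScheduleConfiguration.IsEnabled
            NextRun           = $config.ScheduleConfiguration.NextRun
            # Machines listed by name (hybrid worker / non-Azure computers)
            NonAzureComputers = @($update.NonAzureComputers) -join ', '
            # Dynamic groups: saved searches can include machines nobody listed by name
            NonAzureQueries   = @($update.Targets.NonAzureQueries |
                                  ForEach-Object { $_.FunctionAlias }) -join ', '
        }
    }
}

# Deployments that target non-Azure machines, soonest run first
$report |
    Where-Object { $_.NonAzureComputers -or $_.NonAzureQueries } |
    Sort-Object NextRun |
    Format-Table -AutoSize
```

Run it once per subscription (Set-AzContext) so that legacy Automation accounts outside the one you normally work in are also covered.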