Windows Server 2016 automatically installs updates without prompting

Question

I have a Windows Server 2016 system that had a pending Windows Update; we update through WSUS, systems are set to Download And Notify (option 3). Yesterday, I went to install a pending update, and the update failed because there was insufficient free disc space. I cleared space, but it was almost quitting time for the day, so I didn't try to install again.

When I got in this morning, I went to run the update, but it said the system was up to date. It turns out, the system installed the update and rebooted overnight, without any prompting.

Sequence of events, per System log:

3:51 PM: I tell patch to install

3:56 PM: Patch fails, due to insufficient disc space.

I clear space on C: drive, do NOT try to install again. I go home.

7:26 PM: Patch begins installing; nobody is here to have started it

9:03 PM: svchost.exe initiates a "planned restart", reason code 0x80020010

9:20 PM: Update Successful

This is a 24-7 server, and should never reboot automatically. I've done all the settings I know of to make sure this sort of thing doesn't happen. We control Windows Update settings through GPO, relevant settings below:

Allow Automatic Updates immediate installation: Disabled

Always automatically restart at the scheduled time: Disabled

Automatic Updates detection frequency: Enabled, 2 hours

Configure Automatic Updates: Enabled, 3 (auto download and notify for install); every day, 03:00

Re-Prompt for restart with scheduled installations: Enabled, 30 min

Specify intranet Microsoft update service location: <local WSUS server>

Turn on recommended updates via Automatic Updates: Enabled

What am I doing wrong, and how can I prevent this from happening again?

* Moved from Windows/Other

Answer 1

Hello,

Thank you for posting in Microsoft Community forum.

Based on the description, I understand your question is related to update.

If this is a 24-7 server, and should never reboot automatically. It is recommended to disable auto update including auto download and notify install, once the update is installed, it will need restart sooner or later. Manually install update and manually restart at appropriate time might be a better option.

Locate this policy: Computer Configuration\Administrative Templates\Windows Component\Window Update\Configure Automatic Updates, set it to Disable.

Have a nice day. 

Best Regards,

Molly

Answer 2

That does not answer my question. I can live with it auto-rebooting, once we've told it to install an update; I'm not a fan of that, but I can live with it.

What I want to know is, why did it auto-install without prompting, and how can I prevent that from happening again? Given the size of modern patches, not downloading them to the server is an unacceptable option in our environment.

Answer 3

Hello,

According to the current policy you provide, machine will auto download and notify for install, the time is set to 3:00.

Windows Update finds applicable updates and downloads them in the background. Users aren't notified or interrupted during this process. When the downloads are complete, users are notified that updates are ready to install. Users can then run Windows Update to install the downloaded updates.

Best regards,

Molly

Answer 4

That makes no sense. With the setting as Download And Notify, the time listed is when to check for updates and download them, not install. My problem is that it installed on its own, in direct violation of these settings.

Answer 5

Hello,

Current policy you provide is Configure Automatic Updates: Enabled, 3 (auto download and notify for install); every day, 03:00.

This will auto download update and notify for install, as you stated the current phenomenon is machine automatically installing updates without notifying you, try locate the policy and reset, then monitor this issue, if it persist, maybe you need to check from the WSUS side or temporarily disable auto update as a workaround.

Best regards,

Molly