Question on update management

shashi kaushal 46 Reputation points
2021-01-21T11:04:46.48+00:00

I was reading the below document, where I found the below:

https://learn.microsoft.com/en-us/azure/automation/update-management/overview

While defining a deployment, you also specify a schedule to approve and set a time period during which updates can be installed. This period is called the maintenance window. A 20-minute span of the maintenance window is reserved for reboots, assuming one is needed and you selected the appropriate reboot option. If patching takes longer than expected and there's less than 20 minutes in the maintenance window, a reboot won't occur.

My question is :
Let's suppose I am patching a server of OS 2012/2012 R2 and this server has like 60 patches that are missing. Now I have scheduled a maintenance window of 120 mins. But since it reserves 20 mins, that means I only have 100 mins to get all these 60 patches installed.
If I am not able to install all these 60 patches on that machine and I was only able to install like 50 odd, what will be the state of the patches: staged, not installed, or what? Secondly, we did not initiate the reboot because it says the reboot won't occur. So when this schedule comes back again, we should resume from where we stopped, correct? That means the hybrid runbook worker keeps track of what was done last time, or how does it proceed?

Azure Automation

2 answers

  1. Stanislav Zhelyazkov 21,506 Reputation points MVP
    2021-01-21T11:33:02.59+00:00

    Hi,
    I am a little bit confused trying to understand all the questions. For example, I am not sure what you mean by resume. Let me answer the question with the expected behavior:
    Scenario: Maintenance window set to 120. Setting set for reboot if required. 60 updates need to be applied.

    1. Schedule starts
    2. Updates are starting to be applied
    3. If none of the updates requires a reboot then no reboot will be performed. Each update contains information on whether a reboot is required. There is a column RebootBehavior in Update table records. Basically only updates that have the NeverReboots value will not initiate the reboot.
    4. If no reboot is required then the installation of updates will continue for those 120 mins roughly.
    5. If a reboot is required the updates will be installed until around 100 mins and 20 mins will be reserved for the reboot.
    6. If a reboot is performed and there are updates that still need to be installed you will have to create another schedule. The rest of the updates will not be installed even if there is some time left in the schedule.
    7. If a reboot is not performed and there are still updates that need to be installed they will not be installed. You will need to create another schedule.

    The information on what updates are installed goes into the table UpdateRunProgress. Once the update schedule finishes, another scan will also be performed after some time to calculate which updates are still missing, so you can see them in the table Update.

    What many customers do is to have one schedule that just installs updates and does not reboot and another schedule that just does a reboot without installing updates. That way you can control roughly the time when the machine will be rebooted. Of course the reboot-only schedule runs after the update schedule and does not overlap with the maintenance time window.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

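To check after a run which updates were actually installed and which are still missing, the two tables named in the answer above can be queried together in the Log Analytics workspace linked to Update Management. This query is an added example, not part of the original answer; apart from the `UpdateRunProgress` and `Update` tables and the `RebootBehavior` column, the column names and the `Needed` state value are assumed from the standard Log Analytics schema, and the 7-day lookback is an arbitrary choice.

```kusto
// Added example: per-update outcome of recent deployment runs, joined with
// the latest assessment scan so still-missing patches are flagged.
let lookback = 7d;   // assumption: adjust to cover the run and the rescan
let runProgress =
    UpdateRunProgress
    | where TimeGenerated > ago(lookback)
    // keep only the final status record for each update in each run
    | summarize arg_max(TimeGenerated, InstallationStatus, Title)
        by Computer, UpdateRunName, KBID;
let stillNeeded =
    Update
    | where TimeGenerated > ago(lookback)
    // latest assessment record per update per machine
    | summarize arg_max(TimeGenerated, UpdateState, RebootBehavior)
        by Computer, KBID
    | where UpdateState =~ "Needed"
    | project Computer, KBID, RebootBehavior, StillNeeded = true;
runProgress
| join kind=leftouter stillNeeded on Computer, KBID
// updates with no matching "Needed" record get false here
| extend StillMissingAfterRescan = coalesce(StillNeeded, false)
| project Computer, UpdateRunName, KBID, Title, InstallationStatus,
          StillMissingAfterRescan, RebootBehavior
| order by Computer asc, UpdateRunName asc, InstallationStatus asc
```

Rows where `StillMissingAfterRescan` is true are the updates a follow-up schedule has to pick up; their `RebootBehavior` shows whether that schedule needs room for a reboot.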

  2. Stephen Correia 6 Reputation points
    2021-02-13T03:16:22.86+00:00

    I would also add that if you set up your service utilizing multiple servers in a load-balanced configuration, such that a single server being patched will not cause any kind of downtime, you can avoid this type of problem by having separate maintenance windows for separate server instances.

    You might also want to consider utilizing a PaaS service like Azure App Service where patching is not necessary.
