Once upon a time there were SharePoint patches on SBS 2003 and SBS 2008. And each time they were released I’d cross my fingers and toes and hoped that everyone would ride through without issues. And sometimes in the SBS community they wouldn’t. When they blew — they blew. Standalone SharePoint was also impacted by these updates. Sometimes due to timing on the box the psconfig command wouldn’t finalize and the binaries installed would stop the SharePoint and not complete the patching process. It was a pain.
So in the SharePoint 2010 era the SharePoint folks lowered their expectations of how patching should occur. They plan for them to blow up the system from the get-go. Seriously. As such they now install the binaries but don’t fully apply them to the system until you run a manual psconfig. The system can run like this and not have issues – patches are mu/installed on the system/psconfig not yet run and SharePoint will be happy as a clam.
This ensures a safer patching process as the admin decides when to run the psconfig (after a backup), not windows update at the ungodly hour of 3 a.m.
So Susan, what does this have to do with SBS?
It directly impacts your duties as an admin or consultant to a SBS 2011 system.
We’ve got SharePoint 2010 on the box. So when SharePoint is offered up updates and you install the updates on the server, you are only 1/2 done. It’s also the reason that we’re not blowing up SharePoint 2010’s after Patch Tuesday these days. Because it’s no longer automatically trying to run that psconfig command that would get stuck on us.
You Must Manually Run PSCONFIG after Installing SharePoint 2010 Patches
– The Official SBS Blog – Site Home – TechNet Blogs:
Q: What does this mean to me and my SBS 2011 boxes?
A: From now on when you go to Microsoft update, or WSUS has downloaded a SharePoint update, once you install the update and reboot the server you aren’t done yet.
Q: What do you mean?
A: You must remember to manually run the psconfig command
Q: How do I do that?
A: Follow the guidance from the SBS blog:
1. Open an Administrative command prompt.
2. Change directory to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN
3. Run PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
Q: But Susan, why isn’t this done manually? I mean come on girlfriend, this should be automatic!
A: Here’s the thing – it’s not automatic for ANY SharePoint out there. Intiially when I realized this I was all huffy and puffy and soapboxy and was going to march up to Redmond and demand that there would be an automatic psconfig command done. But then I stepped back and thought about this…… do we really want to be the ONLY platform that psconfig’s automatically on Patch Tuesday? Do we want to be the ONLY ones doing this when even the SharePoint team has deemed their updates to be not robust enough to handle automatic updating?
Q: So what’s the bottom line – what if I don’t run this command?
A: The good news is that the box can chug along just fine with the binaries (aka the patch) installed but the psconfig not run. You’ll get an alert in your email, but the SharePoint won’t stop working. You won’t be fully updates to protect for security issues — but here’s the thing — right now there’s only been one security update http://www.microsoft.com/technet/security/Bulletin/MS10-072.mspx for SharePoint 2010 and it’s not been a ‘from remote’ attack – one has to be authenticated in a SBS network and the issue of information disclosure and attacker running a cross site scripting and throwing safehtml code at the box…. honey, we have an HR issue of a malicious employee that should be fired problem, not a security problem.
Q: So like I’m supposed to remember to do this each time there’s a SharePoint update? Come on. I have lots of other stuff I have to take care of, now this!
A: I see this as the price tag of premises. We get the control. We also get the patching as a result. So far there’s been one security update for SharePoint. I’ll blog and remind the community each time there’s an update and your email alert from the box will remind you as well. I expect a SharePoint 2010 sp1 in June coming up and that will need to be manually psconfig’d as well.
Q: Does this impact SBS 2008?
A: No, only SBS 2011 Standard.
Q: Does this impact SBS 2011 Essentials?
A: No. 🙂 There’s no SharePoint on the box in Essentials – it’s in the cloud where it’s their problem to deal with.
Q: Does this impact Standalone SharePoint 2010 foundation servers?
A: Yup it does, they do the same thing – standalone single servers will install the update, not run the psconfig.