As I’m watching on the BBC the Friday’s edition of Gardeners’ World, I’m patching my server and preparing to patch for the WSUS cert issue. As you may be aware we’ve seen some folks get nailed by this patch.
Unfortunately I can’t give you a clear idea of why some are getting nailed.
So before we patch WSUS it’s a good time to weed it out and deadhead it. (okay so listening to Monty Don while patching and writing a blog post means that you’ll probably get some gardening references thrown in tonight).
First thing I’m doing today to hopefully ensure that I have a successful WSUS updating is that I’m ensuring that I update WSUS KB2720211 all by itself. So I’m installing all other updates I plan to do today, rebooting.
<wait wait wait – or use a script to shut down >
Now that the server has rebooted from all the other updates, we’re going to get our WSUS equivalent of the hula hoe out and rip out the old dead patches. Launch the WSUS console and go into tools and then into options. Go down to the wsus cleanup wizard and run this one tickbox at a time.
I decided to not follow the SUS support blog and reindex the WSUS mainly because I have a pretty small one (as compared to the Enterprise guys), and secondly when I went to install that SQLCmd thing they talked about… I got this: Product: SQL Server Command Line Query Tool — Installation of this product failed because it is not supported on this operating system. For information on supported configurations, see the product documentation.
Hmm… okay so let’s not do that.
What I did do was to backup the database just in case. I’m doing this on a SBS 2008, the other platforms are similar.
Go into SQL 2005 Express by runas Admin and choose \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query . Then go into the SUS database
Right mouse click on tasks and back it up
Choose disk and park it somewhere you will remember.
I did this update all by itself and keep in mind that because it’s taking down WSUS and the IIS website, it nailed RDgateway so I’d not rely on RDgateway/RWW patching for this one.
A small command window pops up and it’s a fairly fast patch. Then reboot.