…doesn’t exist.  Anytime you make any sort of changes you introduce risk.  But the question you have to ask and decide is when the benefits of the patch outweigh the risks of the patch.

One person’s patch pain does not mean that you will see it too.  One server’s patch pain does not mean you will see it on all of your servers.

HAVE A GOOD BACKUP before you start ANY service pack. 

So far when installing WSUS 2003 sp2 I’ve seen (so far) two sorts of errors.  One is a 1602 permission error which I’ve only seen one of at this time.  The rest are 1603 errors.  1603 errors look to me to be installer issues and so far I’ve seen some being solved from using the office installer fix up tool.  http://support.microsoft.com/default.aspx/kb/290301

The benefit of this patch is that it supports Win7s for patching purposes.

I’d recommend if you have issues with this service pack to post in the SBS 2008 partner forum http://social.microsoft.com/Forums/en-US/partnerwinserversbs/threads and zip up and park in a skydrive the WSUS setup files from this location —

c:\users\name of your admin\appdata\local\temp look for the WSUS setup logs

You will need to set the ability to view hidden folders from the folder properties to see that location.

 If you have not signed up for the partner forums…
https://partner.microsoft.com/US/40058790  go to that location and sign up.

 To those that say that Microsoft needs to test better.. they did.  On all of my servers in testing I never had issues.  Installer issues are not unique to this patch, nor are they unique to Server 2008.  The cause of this issue is not the underlying way that WSUS is patched.  If you see people saying a patch blew up, there’s more than likely 20 other folks that it worked just fine on.  They just don’t run to the forums or newsgroups shouting “It worked”!

And the reality with our mutliple use boxes is that one cannot test for 100% no issues.  There may be during install.  That’s why we get paid the big bucks.  The key is to decide which patches are worth the possible risk and the best timing to do it.  But we have just too much software n the world to have 100% perfect installs and updates.  It’s just not a realistic attitude to take.  So plan on failure.  By that I mean ensure you have a backout plan.  A place to go to for help (newsgroups or forums).  Ways to restore the server.  Instructions on how to repair.  No service pack should be considered to be a trivial thing.  HAVE A BACKUP.

And to those that say that when I blog about patch pain that I’m showcasing why the cloud is superior are full of it.  Clouds have patch pain too, they just hide it.  Furthermore their maintenance windows/risk of patching/what gets updated and what doesn’t is on their schedule not yours.


3 Responses to 100% foolproof way to apply patches and ensure that they never ever have issues…

  1. Steve W. says:

    I just upgraded to WSUS 3.0 SP2 (from SP1) on a Windows Server 2003 box. It went smoothly – no problems.

  2. Luke says:

    I got the 1602 error. Eventlog shows:
    The installer has insufficient privileges to access this directory: C:\Program Files\Update Services\Selfupdate

    How did you deal with that one? I was logged on with an Admin account, and the folder mentioned doesn’t exist.

    Now I don’t have any WSUS working 🙁

  3. bradley says:

    Luke — based on my read the Admin account has memberships that are conflicting with the real admin account and thus having issues installing.

    Can you let me know what membershipe roles the administrator account has?