With the goal of putting it in more production boxes, I'm testing Windows 2016 update behavior. I've run sconfig to select "DownloadOnly" in "Windows Update Setting" and I configured "Active Hours" from 07:00 to 19:00.
It is my understanding that this setup should work as below:
- updates are automatically downloaded;
- updates are not automatically installed; rather, a sysadmin has to manually confirm update installation;
- if server must be rebooted, a scheduled reboot outside active hours should be automatically configured;
- in off-hours (ie: after 19:00 - 07:00) the server should reboot.
Main question: is the above understanding correct?
I'm asking because when testing on a Windows 2016 Domain Controller and manually installing updates, even if a notice shows "your device is scheduled to restart outside active hours (active hours are 07:00 to 19:00)", the reboot never occurs.
I noticed that in Task Manager\Library\Windows\Windows Update, a Reboot Task launching musnotification.exe RebootDialog was created to run at 19:20, and it runs every 30/60 mins.
Second question: how does Windows 2016 behave, by default, when there are logged-on remote desktop users? Does it notify? Does it restart? What if the session is in disconnected state?
Note: I know the policy "No auto-restart with logged on users for scheduled automatic updates installations", however:
- It is not active/configured;
- As I am not auto-installing updates, it should have no effect:
This policy applies only when the Configure Automatic Updates policy is configured to perform scheduled installations of updates.
Granted, I fully understand that a server should be patched and rebooted only at appropriate time. However, I would really like to understand the logic behind current (Win2016) update behavior. I strongly feel I am missing something, as this should be a basic maintenance task.
I've read this information, but I would really like to hear some first-hand Windows sysadmin experience.
Well, after over a year and some Windows 2016 installations, I can answer my own question. The answer below may be incorrect in some aspects, as Microsoft is not too keen on details regarding Active Hours; still, it's my best understanding of how it works. Comparison to the well-known Win7/Win2008R2 update approach is done as needed.
SHORT ANSWER: after enabling automatic updates with sconfig, enable the GPO "Always automatically restart at the scheduled time" to simply ignore "Active Hours" and revert to the classic (read: Win7/Win2008R2) update and reboot behavior. Leave other relevant GPOs (such as "ScheduledInstallTime") at their default settings.
LONG STORY: Win7 and Win2008R2 have a simple upgrade schedule: by default, updates are installed at 03:00 and, if needed, the machine is rebooted. If the machine is off at the scheduled install time, updates are installed at the first opportunity but the reboot is postponed and left to the user's convenience.
This approach of postponed reboot was deemed suboptimal for the Windows as a Service model of Windows 10 which, unfortunately, impacted Windows 2016 as well. To avoid a single, easily missed schedule (03:00) for reboot, Win10 and Win2016 have the concept of "Active Hours" - hours in which the server is actively used and should not be rebooted. Hours which are not in the range (let's call them "Inactive Hours") are considered "idle". This means that outside of "Active Hours" the server can be rebooted.
However, "Active Hours" can be configured to be at most 12 hours long (note: the latest build of Win10 changed that) and, to prevent accidental reboots, Microsoft added some generic heuristics to avoid rebooting the server when it is used outside of "Active Hours". For example, it seems the heuristic detects if users are logged on, if users have unsaved work, if shares are being accessed, etc. This means that servers which are actively used (ie: Domain Controllers, servers with logged-on Terminal Services users, etc.) will not be rebooted.
But there is more: as even active servers must be rebooted sooner or later, an additional timer ensures that the machine is restarted (outside of "Active Hours") 7 days later even if the server is busy (note: the 7-day period is configurable via GPO). This is probably the cause of the multitude of "my Win2016 rebooted unexpectedly" posts you can find via Google.
Adding the extremely slow Windows 2016 update process and the above confusion with "Active Hours", my humble opinion is that Microsoft really messed up the Windows Update process. It seems Windows 2019 is better in this regard, but considering how easy (and fast) updating is on any server-grade Linux distro, I really wonder how Microsoft can make this kind of mess.
To put an end to this insanity, the GPO "Always automatically restart at the scheduled time" can be used: it will basically disable the new "Active Hours" behavior, returning to a much more obvious (and manageable) "reboot your server after updates that require it" behavior.
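To check which restart regime a given server is actually in, the settings discussed in this thread can be read back from the registry. This is an added example, not part of the original question or answer; the registry paths and value names are the ones that back these GPOs and the Active Hours setting and are not quoted from the posts.

```powershell
# Added example: read-only report of the Windows Update restart settings in effect.
# Registry paths and value names are not from the original post.
$auPolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$uxSetting = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$auText = @{
    2 = 'Notify before download'
    3 = 'Download only, notify before install'
    4 = 'Download and install on schedule'
    5 = 'Local administrator chooses'
}

$auOptions    = Get-RegValue $auPolicy 'AUOptions'
$alwaysReboot = Get-RegValue $auPolicy 'AlwaysAutoRebootAtScheduledTime'
$rebootDelay  = Get-RegValue $auPolicy 'AlwaysAutoRebootAtScheduledTimeMinutes'
$noRebootUser = Get-RegValue $auPolicy 'NoAutoRebootWithLoggedOnUsers'
$installHour  = Get-RegValue $auPolicy 'ScheduledInstallTime'
$ahStart      = Get-RegValue $uxSetting 'ActiveHoursStart'
$ahEnd        = Get-RegValue $uxSetting 'ActiveHoursEnd'

$auLabel = 'Not configured'
if ($null -ne $auOptions) { $auLabel = '{0} ({1})' -f $auOptions, $auText[[int]$auOptions] }

$activeHours = 'Not set'
if ($null -ne $ahStart -and $null -ne $ahEnd) {
    $activeHours = '{0:00}:00 to {1:00}:00' -f $ahStart, $ahEnd
}

# Per the answer above, this GPO makes the restart ignore Active Hours.
$regime = 'Active Hours logic decides when the restart happens'
if ($alwaysReboot -eq 1) { $regime = 'Forced restart after scheduled install (Active Hours ignored)' }

[pscustomobject]@{
    ComputerName            = $env:COMPUTERNAME
    AUOptions               = $auLabel
    ScheduledInstallTime    = $installHour
    ActiveHours             = $activeHours
    AlwaysAutoReboot        = ($alwaysReboot -eq 1)
    AlwaysAutoRebootMinutes = $rebootDelay
    NoAutoRebootWithUsers   = ($noRebootUser -eq 1)
    RebootPending           = (Test-Path $rebootKey)
    RestartRegime           = $regime
} | Format-List
```

A server that reports `RebootPending : True` together with the Active Hours regime is the case described in the question: updates are installed but the restart is left to the Active Hours logic.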