- This topic has 4 replies, 2 voices, and was last updated 5 years, 11 months ago by .
-
Posts
-
We have an engineer claiming BatchPatch giving false positives for server 2016 reboots when using batch patch, what is the supported version of batch patch we should be using for 2016 servers?
Craig – Can you clarify what you mean by “BatchPatch giving false positives for server 2016 reboots” ? Please be as descriptive as possible. At the moment I’m not quite clear on what you’re talking about.
How does BatchPatch show this? I think you are saying that if you execute the BatchPatch action ‘Get pending reboot status’ it reports TRUE in cases where you believe it should be reporting FALSE. Is this correct?
If you look at the entire cell contents of a BatchPatch ‘Get pending reboot status’ result, you will see something like this:
FALSE ...
isWindowsUpdateRebootPending: False
isComponentBasedServicingRebootPending: False
isUpdateExeVolatileRebootPending: False
isCCMclientUtilitiesRebootPending: Undetermined
PendingFileRenameOperations: NONE
Note, Windows does not offer/provide a sanctioned, singular way to determine with certainty if a computer is in need of a reboot. However, Windows does mark in several places in the OS values that can be used to infer that a reboot is required to complete certain operations.
When using ‘Get pending reboot status’ BatchPatch checks the following locations of the target computer(s) to determine if reboot is needed:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto Update:If a subkey contains “RebootRequired” BatchPatch returns TRUE.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionComponent Based Servicing:If a subkey contains “RebootPending” BatchPatch returns TRUE.
HKLMSOFTWAREMicrosoftUpdates:If the UpdateExeVolatile value exists and is greater than 0, BatchPatch returns TRUE.
CCM_ClientUtilities.DetermineIfRebootPendingmethodIf the host has SCCM installed and this method returns TRUE, BatchPatch returns
TRUE.
HKLMSYSTEMCurrentControlSetControlSession Manager:If the PendingFileRenameOperations value contains any filepaths, BatchPatch displays
them, but this will not cause BatchPatch to return TRUE even though the rename operations will occur upon reboot.
All that said, when you use ‘Get pending reboot status’ and it returns TRUE it doesn’t mean that you absolutely must reboot the computer. It means that Windows has operations that are pending reboot to be completed. It does not necessarily mean that the computer is in an unstable or problematic state.
If you use one of the BatchPatch methods to install Windows updates, but you do not let BatchPatch also ‘reboot if required’ then you could leave your computers in an unstable/unprotected/vulnerable state since it is the case that some updates will not be “live” until the reboot occurs. However, if you are rebooting the computers after Windows updates are installed, but then at a later date ‘Get pending reboot status’ reports TRUE, it does not necessarily mean that the sky is falling and that you must drop everything and reboot immediately, though it may warrant further investigation to see why BatchPatch is reporting TRUE so that you can determine if you want to reboot the computers or not.
- You must be logged in to reply to this topic.