Microsoft has been doing a poor job lately of QA testing their updates, and anyone setting their WSUS servers to auto-approve is feeling the pain. Three updates in particular have been causing the most problems: KB4088875, the monthly roll-up; KB4088878, the security-only update included in the roll-up; and KB4088881, the monthly roll-up preview. I’ve seen a few different behaviors from 2008 R2. Some servers patched with no problems, some patched and had their NIC overwritten, and some have been blue-screening every couple of days to more than once a day.

The majority lost their NIC, which is a quick fix to restore but causes the server to lose all network connectivity if it has a static address. The registry still had the addressing information, so in most cases running the following will pull up the original IPs if you don’t have them documented.

Get-ChildItem hklm:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
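The command above only lists the interface subkeys. As an added example (not from the original post), the script below reads the static addressing values out of each subkey and flags whether the interface GUID matches an adapter that WMI currently reports. It assumes PowerShell 2.0 as shipped with 2008 R2, and it assumes the replaced NIC's old settings are the static entry that no longer matches a current adapter.

```powershell
# Added example: recover static IP settings left in the registry.
# PowerShell 2.0 compatible (no [PSCustomObject], no Get-NetAdapter).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Interface GUIDs of adapters WMI currently reports (SettingID holds the GUID).
$live = @(Get-WmiObject Win32_NetworkAdapterConfiguration |
    Where-Object { $_.SettingID } |
    ForEach-Object { $_.SettingID })

Get-ChildItem $base | ForEach-Object {
    $guid  = $_.PSChildName
    $props = Get-ItemProperty -Path $_.PSPath

    # A static configuration has EnableDHCP = 0 and a real IPAddress value.
    $ips = @($props.IPAddress | Where-Object { $_ -and $_ -ne '0.0.0.0' })

    if ($props.EnableDHCP -eq 0 -and $ips.Count -gt 0) {
        New-Object PSObject -Property @{
            InterfaceGuid         = $guid
            IPAddress             = $ips -join ', '
            SubnetMask            = @($props.SubnetMask) -join ', '
            DefaultGateway        = @($props.DefaultGateway) -join ', '
            NameServer            = $props.NameServer
            # -contains is case-insensitive, so GUID casing does not matter.
            BoundToCurrentAdapter = ($live -contains $guid)
        }
    }
} | Select-Object InterfaceGuid, BoundToCurrentAdapter, IPAddress,
                  SubnetMask, DefaultGateway, NameServer |
    Format-List
```

Run it from an elevated console on the affected server. Entries with BoundToCurrentAdapter set to False are the candidates for the settings to re-enter on the new NIC.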

Microsoft has since put out a prerequisite patch, KB4099950, that will prevent the NIC settings from being replaced, and KB4099467, which is supposed to stop the daily blue screens.

I’ve also seen Server 2008 and Server 2012 (both non R2) servers that never boot back up after applying updates, although regrettably I don’t have the specific patches. DISM and sfc /scannow were unable to repair the boots, and in these cases we had to restore from backups.

I don’t always fault Microsoft for releasing patches that break things. Their software and operating systems are in thousands of different environments interacting in different ways, configured in different ways, and put to use in different ways, so I don’t expect them to catch everything – but from my experience the NIC settings are dropping off the majority of 2008 R2 boxes that apply one of those updates. That seems like a glaring miss from the QA team.

