When the SQL Server Release Services team said they were going to start treating cumulative updates just like service packs, you may not have expected this part:
This means if your Windows admins approve and install patches, they may also be patching your SQL Server a little more frequently than you’re used to. Cumulative updates tend to come out about every 60 days – you can see the cadence over at SQLServerUpdates.com’s detail pages for each version.
Windows Update isn’t a great way to deliver patches – for example, in the screenshot above, my VM is going to download 1.3GB of redundant patches, possibly going through the patch process twice – once for RTM CU14, and then for the chronologically-later Service Pack 2. In this case, there’s no need to download or install CU14 – just applying SP2 would be the appropriate action, assuming your apps are approved for SP2.
I’m sure some folks are going to protest installing cumulative updates – CUs don’t always go well – but note that these updates aren’t flagged in the Important category, only Optional.
I love this change because it makes SQL Server servicing easier for non-DBAs. It’s hard for sysadmins and accidental DBAs to keep up with available patches, and this helps.
Would you recommend automating SQL Server patching via PowerShell since now we will have fewer Service Packs and more cumulative updates?
James – I haven’t seen a good automation tool that takes into account running queries & jobs. For example, if I have a 4-hour backup running, and I’m 5 minutes into it, I’m okay with restarting that instance. If I’m 3 hours into it, I’m not okay with restarts. Restarting a running instance is just so iffy.
This one was installed automatically: http://dba.stackexchange.com/questions/144436/by-what-policy-are-sql-server-2014-updates-installed-automatically
Does this go back to SQL 2012?
Yes it does. I asked MS and they confirmed.
They’re in the Update category of WSUS which some companies don’t enable. I don’t know why but I think it includes a LOT of other stuff.
SQL is such a beast for patching. You want WSUS enabled to pick up things like random client tools or Express instances on non-servers; basically as a verification tool that you haven’t missed anything. But you likely also do not want it to actually DO the patching on your servers if you have any remotely large or complex environment.
There are so many pre-checks that should occur before and after patching; are your AGs in sync, are you starting on the secondary, do you have pending reboots, did you just break MDS or DQS, have you removed SSISDB before patching, etc. It’s a nightmare (and if you also have clusters and replication it becomes even worse).
It’s a shame Microsoft doesn’t try to make it easier.
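Some of the pre-checks listed in the comment above (pending reboots, AG sync state, starting on the secondary), plus the in-flight backup concern raised earlier in the thread, sketched as a PowerShell gate to run before patching. This is an added example, not code from the post or its commenters; it assumes the SqlServer module's `Invoke-Sqlcmd`, and the parameter names and the 25% backup threshold are illustrative assumptions.

```powershell
# Added example: pre-patch gate for one SQL Server instance.
# Assumes the SqlServer module (Invoke-Sqlcmd) and Windows authentication.
param(
    [string]$Instance = 'localhost',   # assumption: instance to check
    [int]$MaxBackupPercent = 25        # assumption: don't interrupt a backup past this point
)

$blockers = @()

# 1. Pending-reboot markers left by Windows servicing or Windows Update.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
foreach ($key in $rebootKeys) {
    if (Test-Path $key) { $blockers += "Pending reboot: $key" }
}

# 2. Local AG databases: health, and whether this replica is currently primary.
$agQuery = @'
SELECT DB_NAME(drs.database_id) AS db, drs.synchronization_state_desc AS sync_state,
       drs.synchronization_health_desc AS health, ars.role_desc AS role
FROM sys.dm_hadr_database_replica_states AS drs
JOIN sys.dm_hadr_availability_replica_states AS ars
  ON drs.replica_id = ars.replica_id AND drs.group_id = ars.group_id
WHERE drs.is_local = 1;
'@
foreach ($row in Invoke-Sqlcmd -ServerInstance $Instance -Query $agQuery) {
    if ($row.health -ne 'HEALTHY') { $blockers += "AG database $($row.db) is $($row.sync_state)/$($row.health)" }
    if ($row.role -eq 'PRIMARY')   { $blockers += 'This replica is PRIMARY; patch the secondary first' }
}

# 3. Backups already well under way (a restart would throw that work away).
$backupQuery = @'
SELECT session_id, command, percent_complete
FROM sys.dm_exec_requests
WHERE command LIKE 'BACKUP%';
'@
foreach ($row in Invoke-Sqlcmd -ServerInstance $Instance -Query $backupQuery) {
    if ($row.percent_complete -gt $MaxBackupPercent) {
        $blockers += "Session $($row.session_id) $($row.command) is $([math]::Round($row.percent_complete))% complete"
    }
}

$blockers = $blockers | Select-Object -Unique
if ($blockers) {
    $blockers | ForEach-Object { Write-Warning $_ }
    exit 1   # non-zero exit lets a patch orchestrator skip this node
}
Write-Output "No blockers found by these checks on $Instance."
```

The MDS, DQS, SSISDB, cluster and replication checks mentioned in the same comment are not covered here.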
Well, this broke my MDS installation on my laptop. During demo time of a webinar. Apparently Windows Update decided to install a security update for the latest SQL 2016 CU. Once MDS detects that the database is out of sync (higher version number), the whole application stops working. Good times.
Any idea why the latest cumulative updates aren’t on Windows Update? They appear to be one CU behind.
Rob – the workings of the Microsoft Windows Update team are a mystery to me.
Me too. My DBA told me CU7 for SQL Server 2016 SP1 was available, but WSUS only has up to CU6. We wanted to push CU7 out this week via WSUS because it had the Meltdown/Spectre patch in it.
We recently inherited the SQL updates and were updating to the latest CU on a SQL Server 2016 AO cluster. We thought we’d save time and start the download late in the day. Imagine our surprise when both nodes of the AO restarted SQL Server around 4 PM… and neither node wanted to be the Primary.
The displayed CU version on the servers did not change, so what’s going on that SQL Server restarts from downloading the CU?
…. I know the previous guy would download the Windows updates late afternoon, but that never caused an issue. He did that several times in 2020.
Unfortunately I can’t do tech support here in the comments.
Oh, no worries Brent. I was just wondering if it was “a known thing” (… that I didn’t know) when downloading CUs or hotfixes or something like that. Sounds like it isn’t, which is good to know. 🙂