Patching, updates and change control

Another regular round of patching this week.

My Active Directory DC and primary Kerberos box needed updating from Windows 2003 SP1 to Windows 2003 SP2.

The update had been on the list for a while, but because of the importance of it for authentication for all workstations and PAM/Kerberos on the Linux systems it never found a window.

I started the work while at home taking calls today – and for some reason SP2 just didn’t want to install. Multiple errors complaining about INF file validity and internal errors.

In the end I had to remove SP1 and install SP2 onto the rolled back server. I’m going to be testing everything this evening to make sure nothing drastic changed.

What was planned to be a 30 minute outage with a rollback of ‘uninstall the SP2’ turned into a more complex change. Uninstall SP1; rollback to re-install SP1. Install SP2. Rollback to uninstall SP2. Final recovery – restore from backup.

The moral – even with good change control the unexpected happens.

Leave a Reply

Your email address will not be published. Required fields are marked *