How Chocolatey Business saved me from a Patch Tuesday disaster

First off, I will admit it. I have bad luck with Patch Tuesday and WSUS servers. Twice in the last two years my WSUS server has decided to crash prior to pushing out patches to my servers on a Patch Tuesday. Perhaps this is just my experience, but it seems I need to rebuild my WSUS server at least once a year from some bizarre bug that hits me. I normally research the error, but after a while realize it is just easier to rebuild it. Needless to say, the WSUS Gods hate me.

Tonight, I first got hit with this pretty little number – http://myitforum.com/myitforumwp/2017/04/11/errors-during-wsus-update-synchronization-for-april-2017-updates/

After resolving it with the workaround, my WSUS synced updates successfully but was still acting funny as I received errors about it not being able to download update files. I realized that the server had crapped out two days ago as no clients had been reporting since then and I just did not realize it until now.

So here I was an hour before my scheduled outage with no WSUS server to hand out updates. Sh*t! Normally, I would resort to copying the .msu files to each server and then strictly using PSExec and PowerShell for this, but tonight another solution came to mind. Chocolatey.

I remembered that Chocolatey can actually create packages from .msu files, and since Microsoft only hands out one big patch a month now for 2008/2012 servers, all I had to do was create a package from the .msu files I needed and push them out.

So I downloaded the April 2017 patches for my servers and ran:
    choco new --file=<.msu file> --build-package

and like magic my packages were created. I pushed them to my hosted NuGet server, and then deployed them using PSExec (PS remoting does not seem to be an option with wusa.exe). All in all, the process actually took less time than my normal routine of using Invoke-WUInstall from the PSWindowsUpdate module.
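
The build, push and deploy sequence described above, written out as a PowerShell script. This is an added example, not the author's own script: the paths, feed URL, server names, PsExec flags and the signature check before packaging are assumptions, and it assumes `choco new` writes its output under the folder given with `--output-directory`.

```powershell
# Added example. Paths, feed URL, key variable and server names are placeholders.
$MsuDir  = 'C:\Patches\2017-04'                 # folder with the downloaded .msu files
$Out     = 'C:\Patches\packages'                # where the generated packages are written
$Feed    = 'https://nuget.example.internal/'    # internal NuGet feed (placeholder)
$ApiKey  = $env:CHOCO_FEED_KEY                  # push key kept out of the script
$Servers = 'SRV01', 'SRV02'                     # target servers (placeholders)
$OkCodes = 0, 1641, 3010                        # assumption: success, reboot initiated, reboot required

New-Item -ItemType Directory -Path $Out -Force | Out-Null

foreach ($msu in Get-ChildItem -Path $MsuDir -Filter *.msu) {
    # Only package updates that carry a valid Microsoft Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $msu.FullName
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Write-Warning "Skipping $($msu.Name): signature status $($sig.Status)"
        continue
    }
    choco new --file="$($msu.FullName)" --build-package --output-directory="$Out"
    if ($LASTEXITCODE -ne 0) { throw "Package build failed for $($msu.Name)" }
}

# Push every built package to the internal feed.
foreach ($nupkg in Get-ChildItem -Path $Out -Recurse -Filter *.nupkg) {
    choco push $nupkg.FullName --source="$Feed" --api-key="$ApiKey"
    if ($LASTEXITCODE -ne 0) { throw "Push failed for $($nupkg.Name)" }
}

# Read each package id from its generated .nuspec rather than guessing it.
$ids = Get-ChildItem -Path $Out -Recurse -Filter *.nuspec |
    ForEach-Object { ([xml](Get-Content -Raw $_.FullName)).package.metadata.id }

$results = foreach ($server in $Servers) {
    foreach ($id in $ids) {
        # -s runs as SYSTEM on the remote host; PsExec returns the remote exit code.
        # Out-Host keeps the console output out of $results.
        psexec "\\$server" -accepteula -s choco install $id -y --source="$Feed" | Out-Host
        [pscustomobject]@{
            Server = $server; Package = $id; ExitCode = $LASTEXITCODE
            Ok     = $OkCodes -contains $LASTEXITCODE
        }
    }
}
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.Ok }   # anything listed here needs a manual look
```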

Moral of this story is, WSUS is about as dependable as the weather so always have a backup method of deploying patches.
