Windows: Hotfix installs, Remote Desktop and the Reboot

If you’re an Administrator, you may have faced a system that hung when you tried to reboot it after installing patches.  More often than not, the patches were installed by logging on to the server via Remote Desktop (without using the /console or /admin switch) and using either the Windows Update web site or the "Automatic Updates" tray icon.  Both methods do the same thing and use the same processes.  After the updates are installed, the Administrator clicks on the "Restart Now" button to complete the installation.  The Remote Desktop Session goes away, and the Administrator thinks that the server is in the process of rebooting.

However, the problem is that the server may not really be rebooting.  When the Administrator tries to connect back into the server via RDP after several minutes, he discovers that he cannot.  When he logs on at the console of the machine to investigate, he discovers that the RDP Listener is listening on port 3389 but no one can connect via RDP.  To resolve the issue, he has to reboot the server from the console.  So what happened?

The first place to start is with the installation log files for the updates.  In the %SYSTEMROOT% folder, there are several .log files created when patches are installed.

When you open up one of the files you can walk through the installation of the patch, including the following information:

  • What time the patch install started:
    [KB885836.log]
    0.656: ================================================================================
    0.656: 2008/02/05 10:20:34.046 (local)
    0.656: c:\53f60e03a81769236c7d3218\update\update.exe (version 5.5.33.0)
    0.656: Service Pack started with following command line: /q /z
    0.859: ---- Old Information In The Registry ------
  • Location of the files being updated
  • Whether any errors occurred.  For our scenario this is crucial.  One of the most common error messages seen in this scenario is:
    1.703: Failed To Enable SE_SHUTDOWN_PRIVILEGE
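
The log walk-through above can be scripted so that the shutdown-privilege failure is caught across many patch logs at once. The following is an added example, not part of the original post: it parses the "<elapsed seconds>: <message>" layout shown in the KB885836.log excerpt and flags the error. The function name parse_update_log and the sample text (assembled from the lines quoted above) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the KB885836.log lines quoted above, joined into one log.
SAMPLE_LOG = """\
0.656: ================================================================================
0.656: 2008/02/05 10:20:34.046 (local)
0.656: c:\\53f60e03a81769236c7d3218\\update\\update.exe (version 5.5.33.0)
0.656: Service Pack started with following command line: /q /z
0.859: ---- Old Information In The Registry ------
1.703: Failed To Enable SE_SHUTDOWN_PRIVILEGE
"""

LINE_RE = re.compile(r"^(\d+\.\d+): (.*)$")  # "<elapsed seconds>: <message>"
START_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}) \(local\)$")
CMD_RE = re.compile(r"started with following command line:\s*(.*)$")
SHUTDOWN_ERR = "failed to enable se_shutdown_privilege"


def parse_update_log(text):
    """Summarise one patch log: start time, command line and failure lines."""
    summary = {"started": None, "command_line": None,
               "failures": [], "shutdown_privilege_failed": False}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not follow the elapsed-time layout
        elapsed, msg = float(m.group(1)), m.group(2).strip()
        start = START_RE.match(msg)
        cmd = CMD_RE.search(msg)
        if start and summary["started"] is None:
            # First timestamp line marks when the install began (local time).
            summary["started"] = datetime.strptime(start.group(1),
                                                   "%Y/%m/%d %H:%M:%S.%f")
        elif cmd:
            summary["command_line"] = cmd.group(1)
        elif msg.lower().startswith("failed"):
            summary["failures"].append((elapsed, msg))
            if SHUTDOWN_ERR in msg.lower():
                # The installer could not obtain the right to restart the server.
                summary["shutdown_privilege_failed"] = True
    return summary


if __name__ == "__main__":
    for key, value in parse_update_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a server, read each KB*.log file from the %SYSTEMROOT% folder and pass its text to parse_update_log; any log with shutdown_privilege_failed set was installed in a session that could not trigger the reboot.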