Whenever we hear about updates for any device firmware, application software, or operating system software it is _always_ a good idea to read the Release Notes (we probably all know the acronym that comes to mind here ;) ), README.TXT, _and_ do a search for the update to see if anyone is complaining about it.
Unfortunately, this major update for Windows 8.1 and Windows Server 2012 R2 has its issues some of which are full-stop problems.
The first place to start for this update is here:
There is a lot of information there.
- Update 1 is the new baseline for all updates going forward.
- Meaning, no more updates to that OS if the bits are earlier than 8.1 U1 or 2012 R2 U1.
- Update 1 breaks SSL communications between endpoints and WSUS
This last one is a deal breaker for many enterprises, medium enterprises, and especially in our own SMB/SME environments where WSUS is virtually everywhere for patch management.
We just stood up a new cluster on 2012 R2. After our Cluster-Aware Update run:
Our cluster nodes now have the update. Since this cluster setup is Greenfield with WSUS ultimately ending up _on_ the cluster the nodes were updated via Microsoft Update.
The workaround for this situation is to enable TLS 1.2 as instructed in the above blog post. Since we are deploying Windows Server 2012 R2 into client sites we will have no choice but to make this change.
Then, when Microsoft releases an update to the update to hopefully fix the problem we will need to test that update extensively _especially_ in a cluster setting!
Yo Microsoft! There is a huge pool of folks willing to test and break this stuff for you! Please get us involved in the early bits for operating systems, applications, and updates again. This ongoing situation of releasing patches and updates to the public without testing them on disparate systems is a _bad_ thing. :(
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book
Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business