System Center and Auto Update Rollups–BAD IDEA!

For a while now, Microsoft has been pushing update rollups through Windows Update.

This post is a strong recommendation to Microsoft to STOP using the Windows Update mechanism, or to provide a decent way to check that the updates and all installation steps have completed successfully!


Ever since updates were introduced, especially for SCOM, we have all experienced how difficult these updates are to install.

People do not follow the documentation, and 5 out of 10 times they leave a non-working environment after a faulty install of the updates.

Luckily Kevin Holman stepped up as the SCOM update rollup guru.

As always, he does a terrific job of explaining how to install these updates.

And most of us know to check the blog first before installing the update manually.

So why the complaint?

Customer Expectations on Windows Update

Windows Update is the mechanism to install updates in your datacenter; with extensions like WSUS and SCCM you can do this in a controlled manner.

Customers expect Windows Update to AUTOMATICALLY install updates.

And the regular administrator in particular will just use Windows Update to deploy these update rollups.

Which seems to work, since the update installed correctly. What it doesn't mention, though, is that you need to manually do a ton of stuff to actually bring your environment to a working state: import management packs, edit web.config files and run SQL scripts to get it to work.

This is bad….very bad!

In each and every environment where we are called in to check or troubleshoot, the manual steps have not been taken to get the environment decently updated.

Of course I tell them to never use Windows Update to install System Center again, but their reaction is very understandable:

“Why does Microsoft provide these updates by Windows Update, when you cannot use Windows Update to fully install these?”

Well the answer to this is…..eeehh….well …yes they….hmmm maybe there is no decent answer to this …..just follow my guidance and do not use Windows Update for System Center, since you require manual steps and certainly want to check afterwards.


People are notorious for not reading manuals and this will never go away; it is a given.

No matter how many times you have read "RTFM", you still will not.

And not only in IT: when you receive a new dishwasher or other appliance you just start using it, and after hours of troubleshooting why it doesn't work you read the manual and….yes, this could have been avoided.

(The exception to this is obviously the wife buying a brand new closet at Ikea….no way you can build this even with the manual.)

But with Windows Update people are certainly not reading the manual, since there is a nice option to install automatically and they expect this.

This leaves their System Center environments in non-working states:



  • The SCVMM console starts only very slowly because the SCOM – SCVMM integration is not working: the management packs are not updated, so there is a version mismatch.
  • SCSM – SCOM management packs out of sync: version mismatch, synchronizations not working.
  • Slow performance even after running the newest updates, which is no surprise because they failed to actually implement the update.
  • Bad update rollups breaking stuff in your environment; yes, unfortunately this has happened in the past. When you install the updates manually you are likely to catch these. Especially if they are caused by another update, running everything at once will not make it easier to troubleshoot where it went wrong!



Remove the update rollups from Windows Update

People do not follow the documentation, and 5 out of 10 times they leave a non-working environment after a faulty install of the updates.

So we cannot change this behavior, but we can certainly make it more likely that people read the update steps.

By making people download the update manually, and clearly stating that this is not just click and go, you steer them toward performing the manual steps.

But when the updates are provided through Windows Update, they will certainly NOT read them!

Provide a way to check updates successfully

Since the update itself is not the problem, provide people a way to easily check whether all the manual steps have been run as well.

Maybe provide a PS script which actually checks the updated files, management packs, config files, etc.
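A sketch of what the management pack part of such a check could look like, as an added example that is not the author's or Microsoft's code. The function name, the `Example.*` pack names and all version numbers are constructed placeholders; the expected versions would have to come from the rollup's own documentation.

```powershell
# Added example: flags management packs that are missing or older than the
# version an update rollup is expected to bring. All names and versions below
# are constructed placeholders, not values from any real rollup.

function Test-RollupManagementPack {
    param(
        # Objects with Name and Version, e.g. the output of Get-SCOMManagementPack
        [Parameter(Mandatory)] [object[]] $Installed,
        # Hashtable: management pack name -> minimum version expected after the rollup
        [Parameter(Mandatory)] [hashtable] $Expected
    )

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $want = [version]$Expected[$name]
        $mp   = $Installed | Where-Object { $_.Name -eq $name } | Select-Object -First 1

        if (-not $mp) {
            $have   = $null
            $status = 'Missing'
        } else {
            $have   = [version]$mp.Version
            $status = if ($have -ge $want) { 'OK' } else { 'Outdated' }
        }

        [pscustomobject]@{
            ManagementPack = $name
            Installed      = $have
            Expected       = $want
            Status         = $status
        }
    }
}

# Constructed sample standing in for a management group's imported packs.
# On a management server you would use: $installed = Get-SCOMManagementPack
$installed = @(
    [pscustomobject]@{ Name = 'Example.Core.Library';    Version = [version]'1.0.200.0' }
    [pscustomobject]@{ Name = 'Example.Console.Library'; Version = [version]'1.0.100.0' }
)
$expected = @{
    'Example.Core.Library'    = '1.0.200.0'
    'Example.Console.Library' = '1.0.200.0'   # binaries patched, MP never re-imported
    'Example.Reports.Library' = '1.0.200.0'   # manual import step skipped entirely
}

$results = Test-RollupManagementPack -Installed $installed -Expected $expected
$results | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) management pack(s) need attention" }
```

With the sample data the check reports one pack as OK, one as Outdated and one as Missing, which is the state a rollup installed only through Windows Update would leave behind.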

Use SCOM to check Manual steps

Well, since we are using SCOM, why not provide a management pack which simply monitors whether all components have been updated correctly? Not only the bits but the manual steps as well.

When you can script them, you can monitor them as well.

Something like an update rollup checkup MP which checks that all components have been updated correctly and, if not, gives the user a link on how to fix them!

I would be happy to write this, but I need some pointers on the next rollup prior to release to make sure we are covering everything.


Again, System Center product team: please do not make update rollups easier to deploy, but provide ways to deploy them successfully!



Oskar Landman
