From times to times, new updates are released for Office Communications Server 2007 R2, in order to correct bugs or to fix some security vulnerabilities.
As part of the normal operations routine, the IT Administrator should decide whether to apply or not apply these hotfixes, although nowadays it’s practically common sense to reserve a maintenance window to effectively install corrective software.
The first thing to have in mind is the risk associated with this kind of operation, in order to prevent situations like the recent one with the KB974571 hotfix.
But after the planning process and the risk mitigation phase, it’s time to apply those patches. Taking the OCS 2007 R2 October 2009 hotfix as an example, the first thing to notice on the download page is there are several files to install:
These files are intended to be downloaded and installed on the different OCS roles (most of the roles require more than one file to be installed). The question one may ask is “Which patches should be applied on a given role?”. Well, fear not, as I’m going to explain 3 different methods that can be used in order to correctly apply the updates with a minimum effort.
Using Microsoft Update or Windows Server Update Services (WSUS) is by far the simplest method. The main difference between the two is that the first installs the updates directly from the Microsoft site, whether the second goes through an internal approval process by an IT Administrator before downloading and distributing the required updates.
But both methods will automatically deliver the relevant update files to all the OCS roles in your infrastructure. Depending on the update process configured on each server, the updates will then need to be locally approved and given permission to run (or not).
The Cumulative Server Update Installer (ServerUpdateInstaller.exe) is a tool that can be downloaded together with the rest of the patches. This tool applies all updates for the appropriate server role in one click. Nevertheless this is still a manual method run from the command line or from the Windows UI:
To run the Installer by using a command prompt, use the following command, together with the appropriate switches:
ServerUpdateInstaller.exe [/silent [/forcereboot]] | [/extractall]
The /silent/forcereboot switch applies all the applicable updates silently and then automatically restarts the server at the end of the installation process if it is necessary.
The /extractall switch the updates from the installer and puts the updates in a subfolder that is named “Extracted” in the folder in which you ran the command.
And finally the 3rd method, which I don’t recommend but that I’ll explain for academic purposes.
Please keep in mind the following recommendations for manual deployment (from KB968802 article):
Having said that, the following table (click for larger size) helps you determine the mapping between the updates and the different server roles (courtesy of my colleague João Bravo, kudos to him):
Just follow the “greens” and apply the update files to each OCS server role according to the previous table.
If using any of the manual processes described above (methods 2&3), the best way to keep up with the latest OCS updates is to regularly check the new Updates Resource Center for Office Communications Server 2007 R2 and Clients on the OCS TechCenter.