band-aid

From times to times, new updates are released for Office Communications Server 2007 R2, in order to correct bugs or to fix some security vulnerabilities.

As part of the normal operations routine, the IT Administrator should decide whether to apply or not apply these hotfixes, although nowadays it’s practically common sense to reserve a maintenance window to effectively install corrective software.

The first thing to have in mind is the risk associated with this kind of operation, in order to prevent situations like the recent one with the KB974571 hotfix.

But after the planning process and the risk mitigation phase, it’s time to apply those patches. Taking the OCS 2007 R2 October 2009 hotfix as an example, the first thing to notice on the download page is there are several files to install:

ocs2007r2-october-2009-hotfix

These files are intended to be downloaded and installed on the different OCS roles (most of the roles require more than one file to be installed). The question one may ask is “Which patches should be applied on a given role?”. Well, fear not, as I’m going to explain 3 different methods that can be used in order to correctly apply the updates with a minimum effort.

Method #1 – Microsoft Update or WSUS

Using Microsoft Update or Windows Server Update Services (WSUS) is by far the simplest method. The main difference between the two is that the first installs the updates directly from the Microsoft site, whether the second goes through an internal approval process by an IT Administrator before downloading and distributing the required updates.

But both methods will automatically deliver the relevant update files to all the OCS roles in your infrastructure. Depending on the update process configured on each server, the updates will then need to be locally approved and given permission to run (or not).

Method #2 - Cumulative Server Update Installer

The Cumulative Server Update Installer (ServerUpdateInstaller.exe) is a tool that can be downloaded together with the rest of the patches. This tool applies all updates for the appropriate server role in one click. Nevertheless this is still a manual method run from the command line or from the Windows UI:

  1. Download *ALL* the files to a local folder and run ServerUpdateInstaller.exe. The Cumulative Server Update Installer can be run using the UI, by double clicking it (see image below), or using the command line.

    server-update-installer

    To run the Installer by using a command prompt, use the following command, together with the appropriate switches:

    ServerUpdateInstaller.exe [/silent [/forcereboot]] | [/extractall]

    The /silent/forcereboot switch applies all the applicable updates silently and then automatically restarts the server at the end of the installation process if it is necessary.
    The /extractall switch the updates from the installer and puts the updates in a subfolder that is named “Extracted” in the folder in which you ran the command.

  2. Since we are using the October 2009 hotfix as an example, this update requires a database upgrade. The database upgrade patch can be applied manually by using the provided OCS2009-DBUpgrade.msi file.  The update should be installed on every front-end and director server running OCS Standard Edition, and/or from any Enterprise Edition front-end or backend (backend preferred). More details and instructions can be found on the corresponding KB article: Description of the update package for Office Communications Server 2007 R2 Database.

Method #3 – Manual Installation

And finally the 3rd method, which I don’t recommend but that I’ll explain for academic purposes.

Please keep in mind the following recommendations for manual deployment (from KB968802 article):

  • All updates for a role must be deployed. Additionally, all updates on the same server role must be at the latest update level.
  • Communications Server Standard Edition and Communications Server Enterprise Edition Consolidated also require all updates for any roles that are deployed on the server. All updates must also be at the latest update level.
  • Additionally, the following recommendations apply to the for Office Communication Server 2007 R2 Distributed Enterprise Edition:
    • Update the whole topology with the latest updates for each component at the same time. This may be possible in smaller environments.
    • First, update the pool and the directors who are servicing the pool. Update additional pools as possible with the directors for these pools at the same time. If a director services more than one pool, the director is updated while the first pool that it services is updated. The external pool servers must be updated after the pool that they service is updated.
    • (CWA and media) If an external pool server services more than one pool, it will be updated after all the pools that it services are updated.

Having said that, the following table (click for larger size) helps you determine the mapping between the updates and the different server roles (courtesy of my colleague João Bravo, kudos to him):

ocs-updates-jb

Just follow the “greens” and apply the update files to each OCS server role according to the previous table.

Keeping up with the updates

If using any of the manual processes described above (methods 2&3), the best way to keep up with the latest OCS updates is to regularly check the new Updates Resource Center for Office Communications Server 2007 R2 and Clients on the OCS TechCenter.