Tuesday, November 13, 2007

I Hate To Say ""I Told You So""!

OK. No I don't. :)

Back on April 11, 2007 I seem to remember making this post that stuck the knife into Microsoft for their inability to release patches that work. Now, as we all know, there have been quite a few more patches released and re-released by Microsoft since as they seem incapable of actually implementing reasonable quality control on their patches.

Anyway, cut to this morning (Aussie time) when Microsoft released a broken ISA metabase update for WSUS that has caused a lot of grief around the world. Basically, they forgot to remove the double quotes from the title field when they released this update. Quality Control 101 - check things **BEFORE** you release them. (Now the overabundance of quotes in the title of this post makes sense, I trust.)

So, what happened is, basically, anyone who enabled download for ISA updates and all SBS 2003 R2 users who have not modified the settings from the default "download everything, even if you don't use it, just to keep the telcos rich" to more sane settings (and thereby breaking the "Green Check" and turning it into a "Blue Check" and invalidating the usefulness of the SBS 2003 R2 reports based on WSUS) would have received this update and would have had their WSUS and SBS reports die.

Luckily, a few people have realised that Microsoft's dumbing down of WSUS in SBS 2003 R2 has gone too far and chose to make sensible changes to the defaults and ignore the Blue Check and reported "issues" that this generates and those people (ourselves and our clients included) have not been adversely affected by this further example of Microsoft's inability to release functional patches.

The broken patch has now been expired in WSUS so it won't be downloaded onto any further machines, but there are still a large number of affected WSUS boxen out there that probably have not been fixed as yet. For those suffering from this issue, have a read of the Incidents.org report and implement the SQL workaround they offer. [Edit: This TechNet blog post also offers some information on the issue and workarounds for it.]

It was claimed that this proves that WSUS has failed this test and that other patching solutions are therefore better. Insofar as those other options are provided by people who understand what Quality Control is, this may be true. But again, this goes to show that moreso, the dumbing down of the Administrator's control over WSUS in SBS 2003 R2 is at fault. If you can disable the download of crap you don't need and still have a green check, then that would be - sensible. But this is Microsoft we're talking about, and unfortunately common sense is often coded out of their products before the public (even the early beta tester folks) get to add their input.

Of course, the bright side of this is that Microsoft will learn from this lesson and make improvements to their patch release process. (The unfortunate reality is that they have a long history of continually releasing broken patches and this is just another example of them following in their own footsteps without wondering if they are leading off a cliff.)

Regards,

The Outspoken Wookie

No comments: