Slides for SharePoint Saturday in Munich March 4th, 2017 Session: SPSMUC22: SharePoint Patching Demystified

1. 4th of March 2017
@MS HQ Munich
SharePoint Patching Demystified
#SPSMUC22
Stefan Goßner
Senior Escalation Engineer
Microsoft GmbH
@stefan_gossner
https://blogs.technet.microsoft.com/stefan_gossner

5. • Downtime happens…
• …while installing the binaries
• Services have to be stopped before installing the binaries and restarted afterwards
• …while upgrading the content database
• Stored Procs, Functions and Triggers are dropped and recreated during DB upgrade
• Exceptions can occur if elements are missing while SharePoint tries to access them
• To prevent problems accessing SharePoint content while the database is upgraded is
unsupported and untested
See: https://blogs.technet.microsoft.com/stefan_gossner/2016/04/29/sharepoint-2016-zero-downtime-patching-demystified/
SP2013 –Downtime during Patching

6. • Installing the binaries
• Ensure to have at least two server per role
• allows to install the patch binaries without downtime
• Steps:
• Remove first server from LB
• patch it
• add it back to LB
• repeat with other servers
• Patched servers run in backward compatibility mode
• Servers with newer binaries can work with databases with older patch level
• Reduce Patch installation time by disabling services (Russ Maxwells Script)
See: https://blogs.technet.microsoft.com/stefan_gossner/2016/04/29/sharepoint-2016-zero-downtime-patching-demystified/
See: https://blogs.msdn.microsoft.com/russmax/2013/04/01/why-sharepoint-2013-cumulative-update-takes-5-hours-to-install/
SP2013 – minimizing downtime patching

7. • Upgrade databases
• Use PowerShell to upgrade content databases
• Allows to upgrade multiple databases in parallel in different PowerShell sessions
• Reduces downtime compared to DB upgrade with PSConfig
• Downtime occurs while (e.g.) stored procs are deleted/replaced
• With SQL Enterprise use snapshots to minimize downtime
• Allows to use SharePoint in read-only mode during db upgrade
• Upgrade-SPContentDatabase -UseSnapshot …
• After all Content-DB have been upgraded run PSConfig / PSConfigUI
• Aside other things this will upgrade the remaining SharePoint databases
See: https://blogs.technet.microsoft.com/stefan_gossner/2016/04/29/sharepoint-2016-zero-downtime-patching-demystified/
SP2013 – minimum downtime patching

8. • Binary installation changes
• Number of packages has been reduced
• Reduced installation time (Russ Maxwells script no longer required)
• Database upgrade changes
• No need to use Snapshots!
• Better without as this will lead to read-only content databases
• It is supported to use SharePoint during DB upgrade
• DB upgrade can be done on the fly
• These steps are long tested in SPO
See: https://blogs.technet.microsoft.com/stefan_gossner/2016/04/29/sharepoint-2016-zero-downtime-patching-demystified/
SP2016 – zero downtime patching

9. “What if I have multiple web front end servers
and have to patch them one by one as half of
them are not sufficient to deal with my load?”

10. • Adds version number to script URLs
• ensures serving same
scripts from all servers in
the farm independent of
patch level
• ensure that clients are
using the most current
scripts independent from
proxy or browser caches
after patching
• Administrator configures
the version to be used for
the whole farm
SP2016 – Side by Side functionality

11. • Enable Side by Side functionality
• First time use: create side by side files for current
patch level
SP2016 – Side by Side functionality

12. SP2016 – Side by Side functionality

13. • Configure the side-by-side directory to be used
• Now all javascript files will be served from the side-
by-side directory
SP2016 – Side by Side functionality

14. • Now install the updates using the zero-downtime
patching steps
• As side-by-side patching is enable: new side-by-side
directory will automatically be created by PSConfig
SP2016 – Side by Side functionality

15. • Configure the new side-by-side directory to be used
SP2016 – Side by Side functionality

17. • Service Packs
• Cumulative Updates
• „Uber“ or Server Packages
• Public Updates – distributed using Microsoft Update,
subset of Cumulative Updates
• Security Fixes – subset of Public Updates
Important: SharePoint updates cannot be uninstalled.
Patching = Build to Build Upgrade

18. • Service Pack contains
• All previously fixes
• Potentially new functionality
• Sets a new patch baseline
• Cumulative Updates require a specific patch baseline to be present
• Fixes released more than 12 month after the service pack will not install if the service pack
baseline is not present
• Needs to be installed within 12 months after release
• Cumulative Update contains
• All previously released fixes for the patched component since the oldest
supported baseline
• Usually no new functionality (except feature packs for SharePoint 2016)
Service Pack vs Cumulative Update

19. • Common Statement:
„We cannot install a new service pack as our IT department requires more
intensive testing for installing a SP than for a hotfix (CU)“
• It should be the opposite because
• Service Packs undergo far more testing by Microsoft than CUs
• Service Packs contain the same fixes as previous CUs
• A CU includes all the fixes included in a previous Service Pack as well
• Installing a CU does not have less impact than installing a Service Pack
Service Pack vs Cumulative Updates

20. • Language independent and language dependent components
• coreserver-x-none.msp <- language independent
• coreservermui-en-us.msp <- language dependent (e.g. *.resx, *.js, *.css …)
• coreservermui-de-de.msp
• coreservermui-fr-fr.msp
• coreservermui-pt-pt.msp
• … (overall 50 different languages)
• Installing language pack after CU requires CU to be applied again
to get language dependent files for new language pack patched
CUs – Patchable Components

21. • 13*(x+1) patchable components
• sts / wssmui-* – Core SharePoint Foundation components
• coreserver, coreservermui-* – Core SharePoint server component
• acsrvwfe, acsrvmui-* – Access Server component
• eduwfe, edumui-* – Education Server component
• ifswfe, ifsmui-* – Infopath Form Server component
• lpsrvwfe, lpssrvmui-* – Slide library component
• osfserver, osfservermui-* – SharePoint 2013 workflow component
• ppsmawfe, ppsmamui-* – SharePoint BI and analytics component
• pptserver, pptservermui-* – PowerPoint conversion service component
• sms, smsmui-* – translation service component
• vsrvwfe, vsrvmui-* – Visio service component
• wdsrv, wdsrvmui-* – Word automation services component
• xlsrvwfe, xlsrvmui-* – Excel services component
Patching Granularity – SP2013

22. • All SharePoint fixes are cumulative per component
• Not every CU includes fixes for all components
Cumulative Update

23. Patching of SharePoint components

24. „Uber“ Packages

25. • All SharePoint fixes are cumulative per component
• Uber package contains also fixes for components
patched in previous CUs
• Uber packages simplifies keeping a consistent patch
level
Cumulative Update vs. Uber Package

26. • (x+1) patchable components
• sts – language independent parts of SharePoint Server + Project Server
• sts-x-none
• wssmui – language dependent parts of SharePoint Server + Project Server
• wssmui-en-us.msp
• wssmui-de-de.msp
• wssmui-fr-fr.msp
• wssmui-pt-pt.msp
• … (overall 51 different languages)
• Only two components  No need for Uber packages
Patching Granularity – SP2016

27. • Benefits:
• Reduced install time (each MSP stops and restarts the SharePoint application
pools and OWSTIMER)
• Reduced package size (in SP2013 multiple components rely on the same dlls
which have to be included in each MSP)
• Caveat:
• Reduced granularity for SharePoint security fixes
Patching Granularity – SP2016

28. • Include Security fixes and other important fixes
• Cumulative for the same component
• Includes also all non-security fixes for the same component released in the same
and previous months
• Distributed through Microsoft Update
• Should be evaluated and installed as soon as possible
• Included in CUs released in the same and later months
Public Updates

29. Public Updates

31. Build Numbers
• Major = Office 15
• Minor = always 0
• Build = Internal build number
• 4420 = RTM
• 4571 = SP1 - rereleased
• 4833 = June 2016 Cumulative Update
• Revision = Update type
• 15xx = Service Pack mainly
• 30xx = Private build
• 10xx = Cumulative Update
• 500x = COD Build or regression update

32. • Patch baseline set by service packs
• One exception: March 2013 PU for SP2013 also set a new baseline
• CUs/PUs include changes since a given baseline
• Often we support more than one baseline
• RTM + SP1, Old-SP1 + New SP1, SP1 + SP2, …
• Patch level determines which patches are installed
• E.g. March 2016 CU patch level on top of a SP1 baseline
Patch level vs. Patch baseline

33. • Extract the patch using /extract:path flag
• Inspect the XML for the msp (e.g. acsrvmui-de-de.xml)
Identifying the required patch baseline

34. • For simple scenarios:
• Powershell script from my blog
• https://blogs.technet.microsoft.com/stefan_gossner/2015/04/20/powershell-script-to-display-version-info-for-installed-
sharepoint-product-and-language-packs/
• For more complex scenarios:
• Roiscan vbs script written by Holger Bolduan, one of my colleagues from the
Office Support Team
• https://gallery.technet.microsoft.com/office/68b80aba-130d-4ad4-aa45-832b1ee49602
Identifying installed patch baseline

35. • Does not exist!
• Each component has it‘s individual patch level
• You cannot look at a single version number
• Config DB Version in CA is not a farm patch level!
• (get-spfarm).buildversion is not a farm patch level!
• Look at the patch level of each component
Farm Patch level

36. SharePoint Version numbers – Overview

37. • June 2016 CU
15.0.4833.1000
• July 2016 CU
15.0.4841.1000
(Typical file version numbers after applying July 2016 CU)
File Version

38. Farm Patch level

39. Farm Patch level
Patch Status Page in Central Admin

40. • Patching Order:
• Service farms
• My site farm
• Content farms
• Service farms support connections with consumer
farms on lower patch level.
• Consuming services from a farm with an older
version of the software can cause issues.
Multi-Farm Environments

42. • PSCONFIG is required after all(!) SharePoint fixes
• Service Packs
• CUs
• PUs
• PSCONFIG operations
• Update database schema
• Copy updated DLLs to _app_bin directories
• Installs new and updated features
• Installs new and updated SharePoint services
• Updates Filesystem ACLs
• …
See: https://blogs.technet.microsoft.com/stefan_gossner/2015/09/09/why-we-recommend-require-to-run-the-configuration-wizard-also-for-
security-fixes/
When to use PSCONFIG

43. • PSConfigUI
• Runs all required steps automatically
• Cannot be automated
• PSConfig
• Only executes the steps specified in the command (granularity)
• Can be automated
• Recommended command:
• PSConfig.exe
-cmd upgrade -inplace b2b -wait
-cmd applicationcontent -install
-cmd installfeatures
-cmd secureresources
-cmd services -install
See: https://blogs.technet.microsoft.com/stefan_gossner/2015/08/20/why-i-prefer-psconfigui-exe-over-psconfig-exe/
How to use PSConfig

44. • IIS website deleted for SPWebApplication
• Web.config missing in IIS website
• Features used in sites/site collections removed from
farm / machine
See: https://support.microsoft.com/en-us/kb/944267
Common Problems

45. • PSConfig reports upgrade required
• Fix missing?
• Config DB info is out of sync with actual patch level
• Get-SPProduct -local
Common Problems

46. • Check PSCDiagnostics log
• Check upgrade log
Troubleshooting

47. • Enhanced Error Reporting
• SP2016: Aug 2016 CU
• SP2013: Dec 2016 CU
With recent CU installed

48. Q&A

49. Thank you!