January 10, 2018 at 5:50 am
david.abram - Tuesday, January 9, 2018 7:09 AMCaution needs to be aired when following the recommendations in the SQL KB article (https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server) when you are using hosting a SCCM Config Manager database.A Technet blog says (link below);
- Running SQL Server with CLR enabled (sp_configure ‘clr enabled’, 1)
- Using Linked Servers (sp_addlinkedserver)
I hope that helps.
On what you quoted, I wonder what the heck it is that they actually mean. They really need to not assume that people know exactly what they're talking about for this problem because Mom'n'Pop need to fix their stuff, as well.
--Jeff Moden
Change is inevitable... Change for the better is not.
January 10, 2018 at 10:20 am
Updated with 2008 / 2008R2 patches
January 16, 2018 at 2:21 am
And now I can finally start testing the 2012 update. https://www.microsoft.com/en-us/download/details.aspx?id=56490
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
January 16, 2018 at 8:37 am
Thanks, post updated.
January 16, 2018 at 10:08 am
Any downsides in performance that is actually encountered when patches are applied ?
______________________________________________________________________________________________________________________________________________________________________________________
HTH !
Kin
MCTS : 2005, 2008
Active SQL Server Community Contributor 🙂
January 16, 2018 at 12:24 pm
There isn't a general "performance is worse" statement that I've seen, or that I think can be made. The impact is very workload dependent. It seems some of the other db platforms have reported issues from customers, but I've seen quite a few SQL Server people note no impact.
January 18, 2018 at 7:53 am
Why isn't this SQL Server KB showing up in Windows Update? I feel like these have showed up there in the past, though since we're on 2008 R2 it's been a while and I may be mis-remembering.
Be still, and know that I am God - Psalm 46:10
January 18, 2018 at 8:34 am
david.gugg - Thursday, January 18, 2018 7:53 AMWhy isn't this SQL Server KB showing up in Windows Update? I feel like these have showed up there in the past, though since we're on 2008 R2 it's been a while and I may be mis-remembering.
Windows Server 2012 R2's certainly did. As did the SQL Server 2012 SP3 GDR patch. If you're in a domain, and using WSUS, it might just be that your Network Administrator hasn't authorised the update yet.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
January 18, 2018 at 11:25 am
Not sure. I know the release was slow and staggered for patches.
January 22, 2018 at 9:30 am
Steve Jones - SSC Editor - Wednesday, January 10, 2018 10:20 AMUpdated with 2008 / 2008R2 patches
Speaking of 2008 and 2008R2, our organization was just beginning a project to apply the patches that were provided for TLS 1.2.
1008R2 - KB3045314 OR KB3045316, the difference being either a QFE or a GDR.
I understand that none of these are cumulative updates. Knowing that, is there a way to tell whether 1) the Spectre/Meltdown GDR patch will overwrite the TLS 1.2 capability, and whether our choice of the QFE or GDR (for TLS 1.2) will make a difference?
Thanks to all for sharing your expertise.
- Mike
Mike Hinds Lead Database Administrator1st Source BankMCP, MCTS
January 22, 2018 at 2:11 pm
You should be on a particular branch of patching. The GDRs are usually for someone that is patched with the normal branching. If you look through the build list, you should see where your current build will fit and then decide whether you're on a GDR branch or not.
There are really only two branches of code for a version. These are usually the current and previous SP levels. Any patches for CUs or security updates are merged into the branch at the current level, which is then released. If you applied later CUs than this security update, these CUs include the TLS patches. If you're back on 10.50.4042 or so, you're in SP2 and way behind.
All patches are cumulative, but you enter the patch cycle in a different place, depending on whether you're current or not. I think QFEs sometimes go our early and GDRs come later, but they all get patched. I go by versions, not worrying too much about the QFE/GDR stuff, especially if I'm deploying later. I think once you've gone GDR , you're always on that branch of deployment.
January 22, 2018 at 2:11 pm
Sorry, 2008 R2 build list: http://www.sqlservercentral.com/articles/SQL+Server+2008+R2/70092/
January 23, 2018 at 4:57 am
Steve Jones - SSC Editor - Monday, January 22, 2018 2:11 PMYou should be on a particular branch of patching. The GDRs are usually for someone that is patched with the normal branching. If you look through the build list, you should see where your current build will fit and then decide whether you're on a GDR branch or not.There are really only two branches of code for a version. These are usually the current and previous SP levels. Any patches for CUs or security updates are merged into the branch at the current level, which is then released. If you applied later CUs than this security update, these CUs include the TLS patches. If you're back on 10.50.4042 or so, you're in SP2 and way behind.
All patches are cumulative, but you enter the patch cycle in a different place, depending on whether you're current or not. I think QFEs sometimes go our early and GDRs come later, but they all get patched. I go by versions, not worrying too much about the QFE/GDR stuff, especially if I'm deploying later. I think once you've gone GDR , you're always on that branch of deployment.
Our 2008R2 SQLs are all on the "final" SP3 (10.50.6000), and they have the QFE security patch (10.50.6529) for MS15-058. If indeed all patches are cumulative, then it should be safe to test in our DEV environment applying first the TLS 1.2 patch (10.50.6542), and follow up with Meltdown/Spectre GDR (10.50.6560).
Did I mention I'll do that first in our DEV environment ? 🙂
Thanks, Steve!
Mike Hinds Lead Database Administrator1st Source BankMCP, MCTS
January 24, 2018 at 6:42 am
Has anyone had any issues enabling the two registry keys to enable the Meltdown / Spectre fixes for the OS?
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
I enabled these yesterday on one of my QA servers and it seemed to very adversely affect the performance of the server in general.
OS: Windows Server 2012R2
SQL: SQL 2014 SP2 CU7
The server is a virtual machine in an VMware ESXi cluster, which I do not know if it has or has not been patched for the vulns (which, considering VMware pulled their patches, I'd presume not.)
I've not put CU10 on SQL yet, as our anti-virus / anti-malware settings cause the update to report failure on the database engine, although SQL still starts up and reports the correct version. Running the CU a second time seems to work, but I'd rather have it work the first time, every time, so I'm working to get the AV settings relaxed.
February 1, 2018 at 8:24 am
Question:
Does it matter what order you do the OS patch and SQL Server patch? Some of my development servers I plan to do the SQL Server patch first, then the SA will do the OS patch.
Viewing 15 posts - 16 through 30 (of 36 total)
You must be logged in to reply to this topic. Login to reply