You may have patches in your job that require system to reboot after they are installed or rolled back. You can configure a job to either suppress a reboot for an indefinite period of time or defer it by a Y time duration for an X number of times where X and Y is configurable. To configure these options, go to the Options tab in the Create/Edit a Job wizard.
The Reboot messages section on the Options tab allows you to:
- suppress a reboot
- defer a reboot and show countdown after the deferment limit is reached
Suppress reboot option allows you to patch systems in advance and defer reboot till the maintenance window. To enable this option, go to the Create and Edit wizard job, navigate to the “Options” tab and enable “Suppress Reboot” in the “Reboot messages” section. You can suppress reboot indefinitely, as maybe required for the Server class Windows machines. Although this option is recommended for Server class assets only, it can be used for non-server assets too.
Microsoft claims that a system is in a “Volatile” state, after upgrades are carried out and before the necessary reboots.
Volatile systems may display undesirable and unpredictable behavior or side effects. That is why we recommend to keep the time interval between patching your assets and rebooting them as minimum as possible. Exercise personal judgement before activating this option.
A patch that is marked as “Reboot required” is NOT completely applied till the Reboot actually happens, after the job is run.
For Windows jobs, the "Suppress Reboot" option should be used with caution as it blocks all subsequent jobs till the reboot happens which allows the job to be marked as complete. Such a job will also be reported as "Pending Reboot", till the manual reboot is applied.
For Linux jobs, the "Suppress Reboot" option will NOT block subsequent jobs but such a job and all subsequently executed jobs will also be reported as "Pending Reboot", till the manual reboot is applied.
Note: For patches dependent on other “Reboot required” patches, in some
cases are as good as NOT applied, if the reboot is suppressed.
Reboot is an option on the level of a job, not per patch. If no user is logged in, the reboot will start immediately after completing patch deployment. Need for a reboot is determined on a job level, based on patches in the job. A user can override auto reboot of a job by manually rebooting the system before the scheduled reboot time. In case of multiple patches requiring reboot, deployment of all patches needs to be completed/ attempted before the reboot can be applied. Some patches initially indicate “Reboot required” but may actually NOT require it, based on the context/ state of the system. In such cases, the reboot prompts are suppressed automatically, for being Not Applicable.
You can configure Reboot Request to defer a reboot for a duration between 1 minute and 1440 minutes/ 24 hours. You can defer a reboot between 1 – 9 times, for a period of 1 – 1440 minutes each time.
Ideal reboot configurations recommended are as follows:
- Defer reboot by 1 – 15 minutes for 1 – 5 times for Urgent rollout of Critical Patches.
- Defer reboot by 1 hour for 9 – 12 times. Allows you to defer for maximum of 1 working day. 1 hour interval allows a more granular control but too frequent interruption to user. 2- 4 hours deferments 3 – 6 times can also help achieve the same. Best choice depends on the organizational context.
- Defer reboot by 8 hours for 3 times. Allows you to defer reboot for maximum of 1 working day at 8 hours interval.
- Defer reboot by 24 hours for 2 – 7 times. Allows you to defer till end of the working week/ calendar week.
Deferring beyond a week is NOT recommended. For any reason, if you need to defer reboot beyond a week then we recommend using Suppress Reboot option.
The “Reboot Countdown” is recommended to be enabled whenever reboot is NOT suppressed. For Windows jobs, the Reboot Countdown is enabled by default and the default time is set for 15 minutes. On Linux, the Reboot Countdown is disabled by default. If you enable it, the default time will be set for 15 minutes. However, you can reduced to 1 minute or increase it to maximum of 24 hours.
If deferment limit is set in the Reboot Request, then setting this option shows countdown message to users after deferment limit is reached. It ensures an explicit indication of remaining time before a reboot, so that end user is not surprised by a sudden reboot. Reboot countdown can be configured to show the countdown message before minimum 1 minute and maximum 24 hours/1440 minutes. We recommend you to set the reboot countdown of 15 minutes for your assets.
Based on the configured settings, after the 3 deferments are done, a dialogue box with a warning to save the work is shown. If you click Reboot Now, your system reboot immediately. However, if you click Cancel, the system will automatically reboot after 15 minutes, or the duration you have set while creating the job.