As of the 11th of June 2019 Microsoft released a new security update for Microsoft SharePoint Server 2016. This article shows the steps on how to simply deploy Microsoft SharePoint 2016 update. Currently there are 3 methods supported:
- Microsoft Update
- Microsoft Update Catalog
- Microsoft Download Center
This article refers to the first method. The entire process is straight forward. It is just a matter of enabling the Microsoft Update engine to search for other Microsoft products when updating Windows. Whereas this method makes it easy to automatically download and apply for the latest SharePoint 2016 Updates offers less control on how to install the patches itself. In general SharePoint updates require a staging and install phase. This is all prior to the actual configuration of the SharePoint Update. The good news is Microsoft made it very easy as the only additional step after installing the update is to run the main SharePoint Product Configuration Wizard or “PSConfigGUI.exe”. Default location for this one is:
“C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\BIN\psconfigui.exe”
What’s included in the SharePoint 2016 update as of June 2019?
This update as per KB 4464594 article includes the following fixes and improvements:
- Security updates
- Microsoft Common Vulnerabilities and Exposures CVE-2019-1031
- Microsoft Common Vulnerabilities and Exposures CVE-2019-1032
- Microsoft Common Vulnerabilities and Exposures CVE-2019-1033
- Microsoft Common Vulnerabilities and Exposures CVE-2019-1034
- Microsoft Common Vulnerabilities and Exposures CVE-2019-1036
- Feature Pack 2
- SharePoint Framework (SPFx)
- All Feature Pack 1 features plus
- Administrative Actions Logging
- MinRole enhancements
- SharePoint Custom Tiles
- Hybrid Auditing (preview)
- Hybrid Taxonomy
- OneDrive API for SharePoint on-premises
- OneDrive for Business modern user experience (available to Software Assurance customers)
- Various improvements and fixes
Next part of the article show the steps to install SharePoint 2016 updates. Before proceeding it is strongly advised to have a working backup of the entire SharePoint Application. Also Permissions for the account running the SharePoint update are crucial. This account should have:
- SecurityAdmin fixed server role on the SQL Server instance
- db_owner fixed database role on all databases that are to be updated
Local Administrator on the SharePoint server(s) to run the Microsoft PowerShell cmdlets
How to install SharePoint 2016 update
On the Windows Server(s) where the SharePoint components are running (Central Admin, Web Servers, App Servers) the first step is to enable the option to obtain updates for all Microsoft products installed. At this point at the next run the Microsoft Update will include the SharePoint Server ones and other components mainly dependencies like .NET, SQL and other popular libraries depending on installation.
In the meantime by browsing the SharePoint Central Administration Portal > Upgrade and Migration section the link to verify the current status for the major components in the SharePoint Farm.
The Manage Patch Status shows the current version and the install status for each component. It is possible to break down by Farm and Servers. In this case as a test deployment all components sit on the same Server.
This is useful for Production environments with 2 or even 3 Tiers deployments. The update process needs to be repeated on all Servers (Web and App).
From the Microsoft Update the latest SharePoint 2016 Update is now visible. Everything is now ready to install the patches.
At the completion and visiting again the Patch Status in the Central Admin it shows the latest SharePoint 2016 Update installed.
Next step is to validate the latest update by running the SharePoint Product configuration wizard.
The wizard will automatically stop the IIS and SharePoint services before proceeding with the configuration update.
The process is fairly quick are re-runs the 10 stages as the first time configuration install and update the necessary components.
The wizard now displays configuration completed successfully for the selected SharePoint Farm / ConfigDB.
A final look at the Central Admin to confirm Patch Status.
What if the SharePoint Farm is a 2 or 3 Tiers deployment? The following shows the steps sequence (from Microsoft article):
- Notify users that the farm will not be available during the update.
- Remove all web servers
- Run the update to install on the Application server that hosts Central Administration
- Run the update on all other Application servers that host Search components. Do not run the SharePoint Products Configuration Wizard on these servers at this time.
- Review the upgrade log files to verify that all the application servers were updated successfully. The upgrade log file and the upgrade error log file are located at %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\16\LOGS.
- Log on to the first Web Server.
- Run the update on the Web Server.
- Run the update on the remaining Web Servers
- Review the upgrade log files to verify that all the Web Servers were updated successfully.
- Run the SharePoint Products Configuration Wizard on the Central Administration server. This will upgrade the configuration database and upgrade each content database.
- Run the SharePoint Products Configuration Wizard on the other App Servers.
- Run the SharePoint Products Configuration Wizard on the first Web Server.
- Repeat the preceding step for each remaining Web Server.
- Verify update completion and success.
- Add the remaining Web Servers to the Central Admin.
- Notify users that the farm is available.