Forum Discussion

Bill_HC's avatar
Bill_HC
Level 2
12 years ago

Enterprise Vault and Microsoft patching

Hello, we are wondering if there are any Best Practices regarding Microsoft security patches on an Enterprise Vault server.  We usually patch quarterly, and it is time to apply patches.  Is there a site that lists the MS security patches that have been tested to work with an Enterprise Vault server?

We are running Windows 2008 R2 operating system and EV 10.0.3.

 

 

  • It is the same as most other application servers... Review forums, read alot, test in your lab... Hot fixes are not normally listed in the compatibility guide for enterprise vault, except old school OWA hot fixes which would break the EV OWA extensions from time to time. Quarterly sounds good... But test in your own lab.
  • There isn't unfortunately, the Symantec policy has always been only to certify against service packs and major releases.

    Very rarely they will make exceptions for patches that cause major issues, like when the Daylight Savings Time changes back in 2007, there was a lot of effort and QA involved to get that supported in time, because that had the ability to affect compliance and discovery

    Unfortunately though, so many patches and hotfixes are released by Microsoft that it would take a lot of QA resources to go against each of them. 

    Typically you can keep an eye on the forums as you can tend to see trends occuring when a patch or hotfix breaks soemthing with in EV and you can contact support etc if you actually have any issues.

    Typically though security patches don't have much bearing on EV functionality, it tends to be the Cumulative Updates to exchange that cause the anomalies

  • It is the same as most other application servers... Review forums, read alot, test in your lab... Hot fixes are not normally listed in the compatibility guide for enterprise vault, except old school OWA hot fixes which would break the EV OWA extensions from time to time. Quarterly sounds good... But test in your own lab.
  • There isn't unfortunately, the Symantec policy has always been only to certify against service packs and major releases.

    Very rarely they will make exceptions for patches that cause major issues, like when the Daylight Savings Time changes back in 2007, there was a lot of effort and QA involved to get that supported in time, because that had the ability to affect compliance and discovery

    Unfortunately though, so many patches and hotfixes are released by Microsoft that it would take a lot of QA resources to go against each of them. 

    Typically you can keep an eye on the forums as you can tend to see trends occuring when a patch or hotfix breaks soemthing with in EV and you can contact support etc if you actually have any issues.

    Typically though security patches don't have much bearing on EV functionality, it tends to be the Cumulative Updates to exchange that cause the anomalies

  • That sounds reasonable.  We usually don't install Exchange CU's or SP's until they've been officially vetted by all third parties.  We've been advised to avoid installing any Office or Outlook security patches on the EV Server as well, as they may break the MAPI functionality to the system mailboxes.  EV 10.0.3 uses a different version of Outlook (2007 Sp3 I believe) than our company standard.

     

     

  • I can tell you from personal experience, on 2008r2, we approve all critical, security, and service pack patches for the OS, one month behind MS schedule and have had no issues with EV for exchange, FSA, or eDiscovery.  The only issue that has come up out of this is occasionally when we update exchange and it fails over, we need to restart the EV services or the journal task will fail.