Can you apply 2008 R2 SP2 which is CU1-5 over SP1CU6

Question

My @@version reports

Microsoft SQL Server 2008 R2 (SP1) - 10.50.2811.0 (X64)   Apr  6 2012 01:59:29   Copyright (c) Microsoft Corporation  Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1) (Hypervisor)

(However, ODDLY, the Setup Discovery Report,  in installation center, titles itself “Microsoft SQL Server 2008 R2 SP1 Setup Discovery Report” and lists 10.51.2811.0 for all components(note the .51.))

http://support.microsoft.com/kb/321185  enumerates 10.50.2500.0 as Service Pack 1 and http://support.microsoft.com/kb/2567616  enumerates my version 10.50.2811 as CU6 which is what I have implemented…always applying SP1, then this CU around April of 2012. So I would strongly assert I am on SQL 2008 R2 Enterprise Edition  SP1 plus CU6. Why the setup discovery report lists this as 10.51. instead of 10.50 just is a MS inconsistency in reporting.

My issue however is that I had hoped that CU6 would be one CU before the SP2 rollup, however, my timing was wrong*, and it was one ahead. SP2(July) was CU1-5(February 2012). SP2 was released in late July at http://blogs.msdn.com/b/sqlreleaseservices/archive/2012/07/26/sql-server-2008-r2-sp2-is-now-available.aspx but did not include April CU6.

MY MAIN QUESTION  is what is the next best path for patching from SP1 plus CU6 on SQL 2008 R2(10.50.2811). Should I apply SP2(10.50.4000) and then maybe a SP2 CUx(but in a sense, I’m rolling back from CU6 to CU5 in that operation before I apply the SP2 CU) which will then put me on track again? This just seems a  little dangerous for the registry/dll registrations/any updates to system objects in sql.  OR should I accept that I am now out of sync so need to just apply latest CU for SP1 when needed and skip SP2 all together, and wait for SP3 to get back on track?

Thanks,

Forrest

 

*I was aggressive on patching because we did have one issue needing a CU, and living in a university network, aggressive security patching is also part of our life. I just happened to be going through a scheduled patching window at the same time MS was cutting over to SP2. Ugh.

 

 

 

 

---

UC Berkeley

Answer 1

Hi,

Firstly, determine if you really need to apply CUs. As MS states in it's CUs,

"A supported cumulative update package is now available from Microsoft. However, it is intended to correct only the problems that are described in this article. Apply it only to systems that are experiencing these specific problems."

However, if you needed the fixes in 2008 R2 SP1 CU6, MS states in http://support.microsoft.com/kb/2630458 :

"In addition to the fixes that are listed in this article, SQL Server 2008 R2 SP2 contains the hotfixes that were included in Cumulative Update 1 through Cumulative Update 5 for SQL Server 2008 R2 Service Pack 1 (SP1).

Note If you are upgrading from SQL Server 2008 R2 SP1 Cumulative Update 6, you must apply a post-SQL Server 2008 R2 SP2 cumulative update after you upgrade to SQL Server 2008 R2 SP2 to obtain all the fixes."

Therefore :
1. Apply SQL 2008 R2 SP2

2. If you really need the fixes that were in SP1 CU6, install SP2 CU1.

Rather than install every CU, have a policy around security (which you mentioned was important).

Eg. Search MS Security Bulletins
http://technet.microsoft.com/en-us/security/bulletin

Have a policy on if/when critical and/or important bulletins are responded to.

For example :
SQL 2008 R2 SP2 has a critical bulletin MS12-060.
Read the bulletin. It says "The update packages that apply to SQL Server 2005 and SQL Server 2008 are the same packages that apply to Microsoft Office." If you click on Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2, there is a link to mscomctlocx2007-kb2687441-fullfile-x86-glb.exe, a Security Update for Microsoft Office 2007 suites (not a SQL CU). As it is critical, you would want to respond; however just applying CUs would not be sufficient.

SQL 2008 R2 RTM has an Important bulletin MS11-049.
In this case there was a GDR update for SQL 2008 R2 (Version 10.50.1600.1-10.50.1616) and a QFE update (version 10.50.1701-10.50.1789). Read the KB (ie. for GDR for x64 is KB2494088). Take note of known issues. CU8 was released 6 days after the security update was. Depending on your environment you may wish to respond to important bulletins also.

Personally I wouldn't apply every CU that is released unless it fixes a specific issue (which you described was the reason you applied one CU).

Answer 2

Hello,

Do not worry about the “51” displayed by the Discovery Report. Always use the build number provided by @@version.

CU3 is the latest cumulative update for SQL Server 2008 R2 SP2. Apply SP2 first, then apply CU3. Download them from the following links:

http://www.microsoft.com/en-us/download/details.aspx?id=30437 (SP2)

http://support.microsoft.com/kb/2754552 (CU3 for SP2)

Hope this helps.

Regards,

Alberto Morillo
SQLCoffee.com

Answer 3

Thanks for the comments. It seems two votes think it is OK to apply SP2(SP1CU5) over SP1CU6 and then continue on from there. I will test, but I hate getting out of sequence since any problem could be hidden and obscure. I don't really trust that the patch will understand where it is at and be 100% accurate on any sql system objects that may be changed in the process. Of course, with any patches, sequence is often critical.

---

UC Berkeley

Answer 4

Hello,

The instance is not out of sequence, base on the results of the @@version. It does not matter what the discovery report tells you, trust the information provided by @@version.

Hope this helps.

Regards,

Alberto Morillo
SQLCoffee.com