How to apply ESU patches to your SQL Server 2012 servers

When running End of Support servers or SQL installs, it’s important to ensure you are receiving security patches for these servers/installs. It's also important to be actively planning to replace them with newer versions. 

In this blog post we walk through the process of ensuring you are subscribed to the relevant SQL Server 2012 Extended Security Updates (ESU) via Azure Arc. As well as walking you through the process of finding the latest patches and applying them.

Prerequisites

SQL Server Configuration

To receive patches for your SQL Server 2012 installs you need to subscribe to receive the Extended Security Updates (ESU).  

You must ensure that you have configured the “Licence Type” correctly and subscribed to the Extended Security Updates (ESU). 

You can check this by following these steps:

Open your Azure Portal

Select the Azure Arc management blade

Azure Portal

Click on SQL Server Instances down the left-hand side

Azure Arc portal.

Select a SQL server

Under SQL Server configuration you should see the licence type has been configured and the ESU subscription is Enabled

Azure Arc enabled SQL server

If these settings are not applied, or set you can click on SQL Server configuration to correct this and set the required settings. 

Download the Extended Security Updates for SQL Server 2012

Once you have subscribed to the ESU subscription the service will take a few moments to update and provide feedback to you regarding the available patches for your server.   Once this update has happened under the “Security” section on the left-hand side menu you will see an option called Extended Security Updates. 

If you select this you will be shown a list of updates available for you to download and install on your server. 

Extended Security Updates for SQL server

In this example, I am being shown two patches. They are the same patch, but one is relevant to x64 architecture and one for x86 architecture.  You would only need to download and apply the patch relevant to your architecture. 

In this scenario, I am running a x64 server so I would use the download link for the x64 patch, which is the top one in the screenshot. 

By clicking on the download link I get an .exe file that I can manually install on my server. 

Install Extended Security Updates for SQL Server 2012

With the patch, or exe file downloaded you can now install it on your server.   To do this double check on the exe. 

You will be prompted by a security warning asking if you want to proceed, click on Run. 

The file will start to extract and launch the install wizard. 

Install extended security update on SQL

Walk through the install process as directed, and the patch will install successfully. 

Install extended security update on SQL

Check an Extended Security Updates for SQL Server 2012 has been installed

To check if the patch has been installed correctly you can open up SQL Management Studio and connect to your instance. 

Open up a New SQL query and type in:

select @@version

When you execute this query it will respond with the SQL version.  It should denote the last patch you installed.  In this example the patch I installed was KB5021123 and when I executed the query I got the output:

SQL version query

The version has been updated with the patch. 

Conclusion

In conclusion, ensuring the security and functionality of your End of Support servers and SQL installs is paramount. 

By following the steps outlined in this blog, from subscribing to Extended Security Updates via Azure Arc to downloading and installing the latest patches, you can confidently keep your environment protected and up-to-date. 

Stay proactive in managing your server infrastructure to mitigate risks and ensure smooth operations for your organization.