wsus and issue with service pack 1 and internet explorer 11 for windows 7

Posted on 2014-02-18
Last Modified: 2014-02-19
I have WSUS 3.2 on windows server 2008 R2 and was testing on windows 7 32/64bit clients.
All updates are installed, but service pack 1 is approved and set to install for the computer groups I assigned, but client(windows 7 32/64 bit) doesn't pull the update. Also Internet explorer 11 is not on synced list. Two major updates I could first think of didn't work with WSUS...

When I look at WindowsUpdate.log, It doesn't have any record for "service pack 1".

This leads to me to think, if all the updates were installed before service pack 1 is installed due to the SP1 install failure through WSUS, did I get all the garbage updates which were already included in service pack 1? I declined superseded updates, I'm not sure I'm doing the most ineffective updating right now. Or the updates already installed are the updates needed after service pack 1?  

Besides this problem, what are the updates in classification 'updates' and 'update rollups'? It seems as those are hotfixes not officially included in windows update release, but not sure...

WSUS 3.2 on Windows Server 2008 R2
Question by:crcsupport
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39869064
SP1 (and IE11 for that matter) will only show up as an available update if all other important and critical security updates have been installed. These don't actually show up as superceded updates in windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once.

So this means you'll want to look and make sure you don't have important updates declined, and it can take running windows update on the client with reboots multiple times to install the prerequisite updates.

As far as updates vs update rollups, they are all updates officially on windows update. But different products release updates differently. Exchange, for example, releases a quarterly update rollup. If you have exchange servers in your organization and don't have that category selected, you'll miss important updates for exchange because they are *only* released in rollup form. Same with SBS/Essentials.

So the two categories are meant to accomodate different ways that product teams may bundle up different updates.

Author Comment

ID: 39869073
I just finished updating win7 client. I went  through 3 times of restarting the PC (this is new installation of Windows 7 32bit). After it finished installing 112 updates, now it found service pack 1 as the last important update. Does it mean it installed all the updates which are not included in service pack 1 and it just had to install service pack 1 at the last step because it takes longer? I am confused because I thought all updates released after service pack 1 also depends on the service pack 1, but it doesn't seem so, it's applicable no matter SP1 is there or not...

Author Comment

ID: 39869083
"These don't actually show up as superceded updates in windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once. "

Not quite understanding.
Do you mean that through WSUS, I have to install all updates released before SP1 is released in order to install SP1 through WSUS?
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39869084
Once SP1 is installed, more updates will be found. 112 sounds about right pre-SP1.

Author Comment

ID: 39869088
I checked again my declined list of updates, there are none of important updates which are on top of supersedence. Also, because I expected the client will be installed IE11, I manually declined all updates releated to IE8,9,10. These are all in the declined list.
LVL 58

Accepted Solution

Cliff Galiher earned 500 total points
ID: 39869098
Well, you said yourself that after you installed the other updates, SP1 showed up. Once you install SP1, more updates will show up. Rinse and repeat. Install. Reboot. Install. Reboot. IE11 will show up just like SP1 did. That is how WSUS works. It ensures updates install and reboot in the proper order to avoid conflicts.

Author Comment

ID: 39870567
I tracked how WSUS installs updates. This is what I found.

updates after sp1:

sp1 released on may 31 2011

updates before sp1:

-First, WSUS installs all updates prior to SP1, then install SP1, then updates after SP1 as you said. lol

-It's three steps to finish updating SP1+updates on windows 7. But WSUS shows all the updates installed correctly in list view while the client computer shows only updates before SP1 are downloaded and installed. Most confusing part is this. The report status for the computer shows now '0' updates installed and '83' updates needed to be installed. It just shows like nothing happened until now. 3 tells different story.  Is this something MS doesn't want us to know how inefficient WSUS push updates to clients?

- IE11 doesn't even show in available list of updates I can approve. Through research online, it has to be manually imported and approved. This is not a problem as I know now.

-I'm afraid to sync drives in classfication even I know there are some drivers I have to download. the list is well around 10,000. even declining and approving a few.

After a few more tests, I have to decide to keep this or not. Maybe I just let them all do Windows Update directly to MS with scheduled PS script.  benefits given by WSUS is less than confusion I get from this in my opinion.

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question