WSUS and issue with Service Pack 1 and Internet Explorer 11 for Windows 7

Posted on 2014-02-18
Last Modified: 2014-02-19
I have WSUS 3.2 on Windows Server 2008 R2 and was testing on Windows 7 32/64-bit clients.
All updates are installed, but Service Pack 1 is approved and set to install for the computer groups I assigned, but the client (Windows 7 32/64-bit) doesn't pull the update. Also, Internet Explorer 11 is not on the synced list. The two major updates I could first think of didn't work with WSUS...

When I look at WindowsUpdate.log, it doesn't have any record for "service pack 1".

This leads me to think: if all the updates were installed before Service Pack 1 is installed due to the SP1 install failure through WSUS, did I get all the garbage updates which were already included in Service Pack 1? I declined superseded updates; I'm not sure I'm doing the most ineffective updating right now. Or are the updates already installed the updates needed after Service Pack 1?

Besides this problem, what are the updates in the classifications 'updates' and 'update rollups'? It seems as though those are hotfixes not officially included in a Windows Update release, but I'm not sure...

WSUS 3.2 on Windows Server 2008 R2
Question by:crcsupport

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39869064
SP1 (and IE11 for that matter) will only show up as an available update if all other important and critical security updates have been installed. These don't actually show up as superseded updates in Windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once.

So this means you'll want to look and make sure you don't have important updates declined, and it can take running Windows Update on the client with reboots multiple times to install the prerequisite updates.

As far as updates vs update rollups, they are all updates officially on Windows Update. But different products release updates differently. Exchange, for example, releases a quarterly update rollup. If you have Exchange servers in your organization and don't have that category selected, you'll miss important updates for Exchange because they are *only* released in rollup form. Same with SBS/Essentials.

So the two categories are meant to accommodate different ways that product teams may bundle up different updates.
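
One way to run the declined-update check suggested above, as an added example that is not part of the original answer. It assumes it is run on the WSUS 3.x server itself, where the administration assembly is installed, and that "important" means the Critical Updates and Security Updates classifications.

```powershell
# Added example, not from the thread.
# Run on the WSUS 3.x server in an elevated PowerShell session.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# Assumption: "important" = these two WSUS classifications.
$important = 'Critical Updates', 'Security Updates'

# Declined updates that nothing newer replaces: declining these can keep
# prerequisite updates from ever reaching the clients.
$suspect = @($wsus.GetUpdates() | Where-Object {
    $_.IsDeclined -and
    -not $_.IsSuperseded -and
    ($important -contains $_.UpdateClassificationTitle)
})

"Declined, not superseded, critical/security: {0}" -f $suspect.Count
$suspect | Sort-Object CreationDate |
    Select-Object CreationDate, MsrcSeverity, UpdateClassificationTitle, Title |
    Format-Table -AutoSize -Wrap
```

An empty result means no critical or security update has been declined without a superseding update being available.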

Author Comment

ID: 39869073
I just finished updating the Win7 client. I went through restarting the PC 3 times (this is a new installation of Windows 7 32-bit). After it finished installing 112 updates, it has now found Service Pack 1 as the last important update. Does it mean it installed all the updates which are not included in Service Pack 1, and it just had to install Service Pack 1 at the last step because it takes longer? I am confused because I thought all updates released after Service Pack 1 also depend on Service Pack 1, but it doesn't seem so; they're applicable no matter whether SP1 is there or not...

Author Comment

ID: 39869083
"These don't actually show up as superseded updates in Windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once."

I don't quite understand.
Do you mean that, through WSUS, I have to install all updates released before SP1 was released in order to install SP1 through WSUS?

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39869084
Once SP1 is installed, more updates will be found. 112 sounds about right pre-SP1.

Author Comment

ID: 39869088
I checked my declined list of updates again; there are no important updates in it which are on top of supersedence. Also, because I expected IE11 to be installed on the client, I manually declined all updates related to IE8, 9, 10. These are all in the declined list.

Accepted Solution

Cliff Galiher earned 500 total points
ID: 39869098
Well, you said yourself that after you installed the other updates, SP1 showed up. Once you install SP1, more updates will show up. Rinse and repeat. Install. Reboot. Install. Reboot. IE11 will show up just like SP1 did. That is how WSUS works. It ensures updates install and reboot in the proper order to avoid conflicts.
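
The install, reboot, rescan cycle described in this answer can be watched from the client by asking the Windows Update Agent what it currently detects. This is an added example, not part of the original answer; it assumes an elevated PowerShell 2.0 or later session on the Windows 7 client, and the title match used to spot SP1 is an assumption about how the update is named.

```powershell
# Added example, not from the thread. Run elevated on the Windows 7 client.
$os            = Get-WmiObject -Class Win32_OperatingSystem
$rebootPending = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 1   # 1 = ssManagedServer (the WSUS server set by policy)

# Applicable, approved, not yet installed: what the agent would install right now.
$result = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

$pending = @($result.Updates | ForEach-Object {
    New-Object PSObject -Property @{
        KB       = ($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Severity = $_.MsrcSeverity
        Title    = $_.Title
    }
})

"Service pack level : {0}" -f $os.ServicePackMajorVersion
"Reboot pending     : {0}" -f $rebootPending
"Updates detected   : {0}" -f $pending.Count

if ($rebootPending) {
    "A reboot is pending; detection results will change after the restart."
}

# Assumption: the SP1 update carries 'Service Pack 1' in its title.
$sp1 = @($pending | Where-Object { $_.Title -like '*Service Pack 1*' })
if ($os.ServicePackMajorVersion -eq 0 -and $sp1.Count -eq 0) {
    "SP1 not offered yet: install the updates listed below, reboot, and scan again."
}

$pending | Sort-Object Title | Format-Table KB, Severity, Title -AutoSize -Wrap
```

Running it after each reboot shows the detected list shrinking until SP1 appears, then growing again once SP1 is installed.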

Author Comment

ID: 39870567
I tracked how WSUS installs updates. This is what I found.

Updates after SP1:

SP1 released on May 31 2011

Updates before SP1:

- First, WSUS installs all updates prior to SP1, then installs SP1, then updates after SP1, as you said. lol

- It's three steps to finish updating SP1 + updates on Windows 7. But WSUS shows all the updates installed correctly in list view while the client computer shows only updates before SP1 are downloaded and installed. The most confusing part is this. The report status for the computer now shows '0' updates installed and '83' updates needed to be installed. It just shows like nothing happened until now. 3 tells different story. Is this something MS doesn't want us to know, how inefficiently WSUS pushes updates to clients?

- IE11 doesn't even show in the available list of updates I can approve. Through research online, it has to be manually imported and approved. This is not a problem as I know now.

- I'm afraid to sync drivers in classification even though I know there are some drivers I have to download. The list is well around 10,000, even declining and approving a few.

After a few more tests, I have to decide whether to keep this or not. Maybe I'll just let them all do Windows Update directly to MS with a scheduled PS script. The benefits given by WSUS are less than the confusion I get from this, in my opinion.

Question has a verified solution.