?
Solved

wsus and issue with service pack 1 and internet explorer 11 for windows 7

Posted on 2014-02-18
7
Medium Priority
?
2,691 Views
Last Modified: 2014-02-19
I have WSUS 3.2 on windows server 2008 R2 and was testing on windows 7 32/64bit clients.
All updates are installed, but service pack 1 is approved and set to install for the computer groups I assigned, but client(windows 7 32/64 bit) doesn't pull the update. Also Internet explorer 11 is not on synced list. Two major updates I could first think of didn't work with WSUS...

When I look at WindowsUpdate.log, It doesn't have any record for "service pack 1".

This leads to me to think, if all the updates were installed before service pack 1 is installed due to the SP1 install failure through WSUS, did I get all the garbage updates which were already included in service pack 1? I declined superseded updates, I'm not sure I'm doing the most ineffective updating right now. Or the updates already installed are the updates needed after service pack 1?  

Besides this problem, what are the updates in classification 'updates' and 'update rollups'? It seems as those are hotfixes not officially included in windows update release, but not sure...

WSUS 3.2 on Windows Server 2008 R2
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39869064
SP1 (and IE11 for that matter) will only show up as an available update if all other important and critical security updates have been installed. These don't actually show up as superceded updates in windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once.

So this means you'll want to look and make sure you don't have important updates declined, and it can take running windows update on the client with reboots multiple times to install the prerequisite updates.

As far as updates vs update rollups, they are all updates officially on windows update. But different products release updates differently. Exchange, for example, releases a quarterly update rollup. If you have exchange servers in your organization and don't have that category selected, you'll miss important updates for exchange because they are *only* released in rollup form. Same with SBS/Essentials.

So the two categories are meant to accomodate different ways that product teams may bundle up different updates.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39869073
I just finished updating win7 client. I went  through 3 times of restarting the PC (this is new installation of Windows 7 32bit). After it finished installing 112 updates, now it found service pack 1 as the last important update. Does it mean it installed all the updates which are not included in service pack 1 and it just had to install service pack 1 at the last step because it takes longer? I am confused because I thought all updates released after service pack 1 also depends on the service pack 1, but it doesn't seem so, it's applicable no matter SP1 is there or not...
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39869083
"These don't actually show up as superceded updates in windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once. "

Not quite understanding.
Do you mean that through WSUS, I have to install all updates released before SP1 is released in order to install SP1 through WSUS?
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39869084
Once SP1 is installed, more updates will be found. 112 sounds about right pre-SP1.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39869088
I checked again my declined list of updates, there are none of important updates which are on top of supersedence. Also, because I expected the client will be installed IE11, I manually declined all updates releated to IE8,9,10. These are all in the declined list.
0
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 39869098
Well, you said yourself that after you installed the other updates, SP1 showed up. Once you install SP1, more updates will show up. Rinse and repeat. Install. Reboot. Install. Reboot. IE11 will show up just like SP1 did. That is how WSUS works. It ensures updates install and reboot in the proper order to avoid conflicts.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39870567
I tracked how WSUS installs updates. This is what I found.

updates after sp1:
kb2836942
kb2913751
kb2901112
kb2919469

sp1 released on may 31 2011

updates before sp1:
kb2387149
kb2378111

-First, WSUS installs all updates prior to SP1, then install SP1, then updates after SP1 as you said. lol

-It's three steps to finish updating SP1+updates on windows 7. But WSUS shows all the updates installed correctly in list view while the client computer shows only updates before SP1 are downloaded and installed. Most confusing part is this. The report status for the computer shows now '0' updates installed and '83' updates needed to be installed. It just shows like nothing happened until now. 3 tells different story.  Is this something MS doesn't want us to know how inefficient WSUS push updates to clients?

- IE11 doesn't even show in available list of updates I can approve. Through research online, it has to be manually imported and approved. This is not a problem as I know now.

-I'm afraid to sync drives in classfication even I know there are some drivers I have to download. the list is well around 10,000. even declining and approving a few.

After a few more tests, I have to decide to keep this or not. Maybe I just let them all do Windows Update directly to MS with scheduled PS script.  benefits given by WSUS is less than confusion I get from this in my opinion.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question