Solved

WSUS and issue with Service Pack 1 and Internet Explorer 11 for Windows 7

Posted on 2014-02-18
Last Modified: 2014-02-19
I have WSUS 3.2 on Windows Server 2008 R2 and was testing on Windows 7 32/64-bit clients.
All updates are installed, but service pack 1 is approved and set to install for the computer groups I assigned, but the client (Windows 7 32/64 bit) doesn't pull the update. Also, Internet Explorer 11 is not on the synced list. The two major updates I could first think of didn't work with WSUS...

When I look at WindowsUpdate.log, it doesn't have any record for "service pack 1".

This leads me to think: if all the updates were installed before service pack 1 is installed due to the SP1 install failure through WSUS, did I get all the garbage updates which were already included in service pack 1? I declined superseded updates; I'm not sure I'm doing the most ineffective updating right now. Or the updates already installed are the updates needed after service pack 1?

Besides this problem, what are the updates in classification 'updates' and 'update rollups'? It seems as though those are hotfixes not officially included in the Windows Update release, but not sure...

WSUS 3.2 on Windows Server 2008 R2
Question by:crcsupport
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39869064
SP1 (and IE11 for that matter) will only show up as an available update if all other important and critical security updates have been installed. These don't actually show up as superseded updates in Windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once.

So this means you'll want to look and make sure you don't have important updates declined, and it can take running Windows Update on the client with reboots multiple times to install the prerequisite updates.

As far as updates vs update rollups, they are all updates officially on Windows Update. But different products release updates differently. Exchange, for example, releases a quarterly update rollup. If you have Exchange servers in your organization and don't have that category selected, you'll miss important updates for Exchange because they are *only* released in rollup form. Same with SBS/Essentials.

So the two categories are meant to accommodate different ways that product teams may bundle up different updates.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39869073
I just finished updating the Win7 client. I went through 3 rounds of restarting the PC (this is a new installation of Windows 7 32-bit). After it finished installing 112 updates, now it found service pack 1 as the last important update. Does it mean it installed all the updates which are not included in service pack 1 and it just had to install service pack 1 at the last step because it takes longer? I am confused because I thought all updates released after service pack 1 also depend on service pack 1, but it doesn't seem so; they're applicable no matter whether SP1 is there or not...
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39869083
"These don't actually show up as superseded updates in Windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once."

Not quite understanding.
Do you mean that through WSUS, I have to install all updates released before SP1 is released in order to install SP1 through WSUS?
0

 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39869084
Once SP1 is installed, more updates will be found. 112 sounds about right pre-SP1.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39869088
I checked my declined list of updates again; there are no important updates which are on top of supersedence. Also, because I expected IE11 to be installed on the client, I manually declined all updates related to IE8, 9, 10. These are all in the declined list.
0
 
LVL 60

Accepted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39869098
Well, you said yourself that after you installed the other updates, SP1 showed up. Once you install SP1, more updates will show up. Rinse and repeat. Install. Reboot. Install. Reboot. IE11 will show up just like SP1 did. That is how WSUS works. It ensures updates install and reboot in the proper order to avoid conflicts.
0
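
The install, reboot, rescan cycle described in the answer above can be watched from the client side. The following is an added example, not part of the original thread: it asks the Windows Update Agent (through its COM API) what the client currently considers applicable and whether a restart is still outstanding. The function name and the title match used to spot the service pack are assumptions made for illustration; the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: run in an elevated PowerShell session on the Windows 7 client.
# The agent scans against whatever update source the client is configured for
# (on a managed client, the WSUS server).

function Get-PendingUpdateSummary {
    # A restart left over from the previous install round blocks the next one.
    $sysInfo = New-Object -ComObject Microsoft.Update.SystemInfo

    # Ask the agent which updates are applicable right now and not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0")

    $pending = @(foreach ($u in $result.Updates) {
        New-Object PSObject -Property @{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = $u.MsrcSeverity
            Title    = $u.Title
        }
    })

    New-Object PSObject -Property @{
        RebootRequired     = $sysInfo.RebootRequired
        PendingCount       = $pending.Count
        # Assumption: the service pack is recognised by its title text.
        ServicePackOffered = [bool]($pending | Where-Object { $_.Title -like '*Service Pack 1*' })
        Pending            = $pending
    }
}

$state = Get-PendingUpdateSummary
"Reboot required     : $($state.RebootRequired)"
"Updates still needed: $($state.PendingCount)"
"Service pack offered: $($state.ServicePackOffered)"
$state.Pending | Sort-Object Severity, Title | Format-Table KB, Severity, Title -AutoSize
```

Running it after each round shows the pending count dropping and the service pack appearing only once the earlier updates are installed, which can then be compared with what the WSUS console reports for the same computer.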
 
LVL 1

Author Comment

by:crcsupport
ID: 39870567
I tracked how WSUS installs updates. This is what I found.

Updates after SP1:
kb2836942
kb2913751
kb2901112
kb2919469

SP1 released on May 31 2011

Updates before SP1:
kb2387149
kb2378111

- First, WSUS installs all updates prior to SP1, then installs SP1, then updates after SP1, as you said. lol

- It's three steps to finish updating SP1+updates on Windows 7. But WSUS shows all the updates installed correctly in list view while the client computer shows only updates before SP1 are downloaded and installed. Most confusing part is this. The report status for the computer shows now '0' updates installed and '83' updates needed to be installed. It just shows like nothing happened until now. 3 tells different story. Is this something MS doesn't want us to know how inefficient WSUS push updates to clients?

- IE11 doesn't even show in the available list of updates I can approve. Through research online, it has to be manually imported and approved. This is not a problem as I know now.

- I'm afraid to sync drivers in classification even though I know there are some drivers I have to download. The list is well around 10,000, even declining and approving a few.

After a few more tests, I have to decide to keep this or not. Maybe I just let them all do Windows Update directly to MS with a scheduled PS script. The benefits given by WSUS are less than the confusion I get from this, in my opinion.
0

Question has a verified solution.
