• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2779
  • Last Modified:

wsus and issue with service pack 1 and internet explorer 11 for windows 7

I have WSUS 3.2 on windows server 2008 R2 and was testing on windows 7 32/64bit clients.
All updates are installed, but service pack 1 is approved and set to install for the computer groups I assigned, but client(windows 7 32/64 bit) doesn't pull the update. Also Internet explorer 11 is not on synced list. Two major updates I could first think of didn't work with WSUS...

When I look at WindowsUpdate.log, It doesn't have any record for "service pack 1".

This leads to me to think, if all the updates were installed before service pack 1 is installed due to the SP1 install failure through WSUS, did I get all the garbage updates which were already included in service pack 1? I declined superseded updates, I'm not sure I'm doing the most ineffective updating right now. Or the updates already installed are the updates needed after service pack 1?  

Besides this problem, what are the updates in classification 'updates' and 'update rollups'? It seems as those are hotfixes not officially included in windows update release, but not sure...

WSUS 3.2 on Windows Server 2008 R2
  • 4
  • 3
3 Solutions
Cliff GaliherCommented:
SP1 (and IE11 for that matter) will only show up as an available update if all other important and critical security updates have been installed. These don't actually show up as superceded updates in windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once.

So this means you'll want to look and make sure you don't have important updates declined, and it can take running windows update on the client with reboots multiple times to install the prerequisite updates.

As far as updates vs update rollups, they are all updates officially on windows update. But different products release updates differently. Exchange, for example, releases a quarterly update rollup. If you have exchange servers in your organization and don't have that category selected, you'll miss important updates for exchange because they are *only* released in rollup form. Same with SBS/Essentials.

So the two categories are meant to accomodate different ways that product teams may bundle up different updates.
crcsupportAuthor Commented:
I just finished updating win7 client. I went  through 3 times of restarting the PC (this is new installation of Windows 7 32bit). After it finished installing 112 updates, now it found service pack 1 as the last important update. Does it mean it installed all the updates which are not included in service pack 1 and it just had to install service pack 1 at the last step because it takes longer? I am confused because I thought all updates released after service pack 1 also depends on the service pack 1, but it doesn't seem so, it's applicable no matter SP1 is there or not...
crcsupportAuthor Commented:
"These don't actually show up as superceded updates in windows, but are still included in the detection logic because there are known issues if the update agent tries to install them all at once. "

Not quite understanding.
Do you mean that through WSUS, I have to install all updates released before SP1 is released in order to install SP1 through WSUS?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Cliff GaliherCommented:
Once SP1 is installed, more updates will be found. 112 sounds about right pre-SP1.
crcsupportAuthor Commented:
I checked again my declined list of updates, there are none of important updates which are on top of supersedence. Also, because I expected the client will be installed IE11, I manually declined all updates releated to IE8,9,10. These are all in the declined list.
Cliff GaliherCommented:
Well, you said yourself that after you installed the other updates, SP1 showed up. Once you install SP1, more updates will show up. Rinse and repeat. Install. Reboot. Install. Reboot. IE11 will show up just like SP1 did. That is how WSUS works. It ensures updates install and reboot in the proper order to avoid conflicts.
crcsupportAuthor Commented:
I tracked how WSUS installs updates. This is what I found.

updates after sp1:

sp1 released on may 31 2011

updates before sp1:

-First, WSUS installs all updates prior to SP1, then install SP1, then updates after SP1 as you said. lol

-It's three steps to finish updating SP1+updates on windows 7. But WSUS shows all the updates installed correctly in list view while the client computer shows only updates before SP1 are downloaded and installed. Most confusing part is this. The report status for the computer shows now '0' updates installed and '83' updates needed to be installed. It just shows like nothing happened until now. 3 tells different story.  Is this something MS doesn't want us to know how inefficient WSUS push updates to clients?

- IE11 doesn't even show in available list of updates I can approve. Through research online, it has to be manually imported and approved. This is not a problem as I know now.

-I'm afraid to sync drives in classfication even I know there are some drivers I have to download. the list is well around 10,000. even declining and approving a few.

After a few more tests, I have to decide to keep this or not. Maybe I just let them all do Windows Update directly to MS with scheduled PS script.  benefits given by WSUS is less than confusion I get from this in my opinion.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now