Windows 8.1 wsus problems

Posted on 2014-11-13
Medium Priority
Last Modified: 2016-02-19
Hi, we now have several windows 8.1 laptops on our domain network but we are having problems using wsus to update them.
Domain functional level is windows 2008 r2 and we have one 2012 R2 DC.
We are applying wsus through GPO.

The laptops receive all the correct GPO settings and recieve the updates (event logs show files downloaded)

That's about it, the updates never seem to get installed.

There's an error along the lines of:
"Installation ready: updates are ready... to install updates an administrator should log on.. windows will prompt with further instructions..."

Non admins are approved to approve updates via the gpo (and have checked the registry)

Logged on user is an administrator of the laptop anyway.

Help appreciated.
Question by:Paul Blackmore
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4

Expert Comment

by:Rob G
ID: 40440452
What version of WSUS is it?
There was a service pack to WSUS to address issues with windows 8.1
The WSUS server in some versions have a bug that they see 8.1 as windows XP x64 and cannot apply the updates. The errors you get from this are all sorts of weird..

Another bug is UAC controls with Updates, you must have UAC enabled to get the updates to install with WSUS on 8.1

I had to create another GPO, Clone of the Win7 Ones to correct this issue, with UAC enabled, and drop all of the 8.1 machines into that GPO.

Author Comment

by:Paul Blackmore
ID: 40440471
WSUS is latest verion. The updates are getting to the laptop. UAC has been turned off (manually not by GPO), I'll re-enable it to see if it makes any difference. Thanks

Author Comment

by:Paul Blackmore
ID: 40440502
Nope, I've enabled UAC, no change (and approved a few more updates to poss give it a kick)
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more


Expert Comment

by:Rob G
ID: 40440512
Do you see anything in the Windowsupdate.log file?
If you do Windows key + R and type in WindowsUpdate.LOG you will have a text file come up..
It should give you additional info as to what is actually occurring..

Author Comment

by:Paul Blackmore
ID: 40440575
2014-11-13      17:47:34:263       904      9d0      Report      CWERReporter finished handling 8 events. (00000000)
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {9FED22FC-CDD2-4724-8463-C08F21DE6196}.204 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {48585DD4-FB49-487C-BBED-2BB96A1A8A3A}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {61C88EDE-FCD7-4C91-809E-A7E58FB97E3C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {0DACBEA9-4019-4E5C-B551-6AF2823BBAA5}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {54254032-E629-4ADC-BA84-CE1B9BA9F281}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {AB8A49A4-532E-4767-A514-E98DD08CBAB9}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {5B241E6A-BC17-44F1-AC7E-10D3BB21FDCB}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {D59F5FEA-5C29-4CF5-8416-D7279FFB585A}.201 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {A070249A-3B10-4E2D-A56D-8C3414936358}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {F4242AA0-9C5F-4882-8306-2E75CC370FAA}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {5E51B95B-C253-4BCE-B304-F475A05DA58C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {14295203-7DDA-4388-B7C7-86FE10E6973C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {64A69324-3A89-43F3-B658-3B3168DFBA34}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {E219B681-EA39-4EBC-BE81-AE6EAB998936}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Found 7 updates and 77 categories in search; evaluated appl. rules of 3123 out of 4490 deployed entities
2014-11-13      17:47:37:085       904      d94      Agent      Reporting status event with 192 installable, 57 installed,  0 installed pending, 0 failed and 7 downloaded updates
2014-11-13      17:47:37:085       904      d94      Agent      *********
2014-11-13      17:47:37:085       904      d94      Agent      **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line  Id = 44]
2014-11-13      17:47:37:085       904      d94      Agent      *************
2014-11-13      17:47:37:085       904      d94      IdleTmr      WU operation (CSearchCall::Init ID 44, operation # 3346) stopped; does use network; is not at background priority
2014-11-13      17:47:37:085       904      d94      IdleTmr      Decremented idle timer priority operation counter to 0
2014-11-13      17:47:37:085       904      dac      AU      >>##  RESUMED  ## AU: Search for updates [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:085       904      dac      AU        # 7 updates detected
2014-11-13      17:47:37:085       904      dac      AU      #########
2014-11-13      17:47:37:147       904      dac      AU      ##  END  ##  AU: Search for updates  [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:147       904      dac      AU      #############
2014-11-13      17:47:37:147       904      dac      AU      All AU searches complete.
2014-11-13      17:47:37:147       904      dac      AU      AU setting next detection timeout to 2014-11-14 12:13:29

Author Comment

by:Paul Blackmore
ID: 40440581
This is last bit of windows log. There are 7 downloaded updates but I cant seem to get anyway of installing them.

Author Comment

by:Paul Blackmore
ID: 40440597
By switching from option 4 (Download and schedule) to option 3 (Download and notify) I've now got a message on action centre that there are updates that need to be approved but no way of approving them?

Expert Comment

by:Rob G
ID: 40440623
What is the setting in the GPO?
It should be set to a time to install them..
What time is it set to install updates?

There are a few settings:
1. Notify for download and notify for install
2. Auto Download and notify for installation
3. Auto Download and schedule the installation
4. Allow local admin to choose the settings

In those settings you have additional settings:
1. Schedule installation time of day
1-1. everyday or Monday - Sunday
2. Scheduled Time of day for installation
2-1. 24hour clock based on time for installation

Another variable here:
If you have "delay restart for scheduled installation" set to enabled;
The system will not install the updates till after the next reboot.

assuming you have rebooted, since you had to make the UAC control changes, the policy definition will determine when the system actually applies the updates.. Otherwise it would be better to not define anything, accept for the "specify intranet Microsoft update service location" and set the client machines to auto update, and reboot at will.. ;)

The logs, though, they look good..
No errors from what i can see..

Expert Comment

by:Rob G
ID: 40440630
The approval process needs to take place on the WSUS console.
While the user is an administrator that is allowed to locally OK what to install, the domain admin on the WSUS Server needs to approve the actual update prior to it being OK for the local admin to install or not install..

Is the Server hosting WSUS fully updated?
While the WSUS system itself has a variety of updates, there are some updates in the hosted OS that help as well.. Specifically with Signed certificates..

Accepted Solution

Paul Blackmore earned 0 total points
ID: 40486307
I've given up on this one. My GPO for windows 8.1 updates just points to our wsus server so that we can at least control what updates are received, all the other wsus settings I've controlled via registry edits.

Author Closing Comment

by:Paul Blackmore
ID: 40495788
Not fixed but a workaround until I have time to look more in depth at this.

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question