Windows 8.1 wsus problems

Posted on 2014-11-13
Last Modified: 2016-02-19
Hi, we now have several windows 8.1 laptops on our domain network but we are having problems using wsus to update them.
Domain functional level is windows 2008 r2 and we have one 2012 R2 DC.
We are applying wsus through GPO.

The laptops receive all the correct GPO settings and recieve the updates (event logs show files downloaded)

That's about it, the updates never seem to get installed.

There's an error along the lines of:
"Installation ready: updates are ready... to install updates an administrator should log on.. windows will prompt with further instructions..."

Non admins are approved to approve updates via the gpo (and have checked the registry)

Logged on user is an administrator of the laptop anyway.

Help appreciated.
Question by:Paul Blackmore
  • 7
  • 4

Expert Comment

by:Rob G
ID: 40440452
What version of WSUS is it?
There was a service pack to WSUS to address issues with windows 8.1
The WSUS server in some versions have a bug that they see 8.1 as windows XP x64 and cannot apply the updates. The errors you get from this are all sorts of weird..

Another bug is UAC controls with Updates, you must have UAC enabled to get the updates to install with WSUS on 8.1

I had to create another GPO, Clone of the Win7 Ones to correct this issue, with UAC enabled, and drop all of the 8.1 machines into that GPO.

Author Comment

by:Paul Blackmore
ID: 40440471
WSUS is latest verion. The updates are getting to the laptop. UAC has been turned off (manually not by GPO), I'll re-enable it to see if it makes any difference. Thanks

Author Comment

by:Paul Blackmore
ID: 40440502
Nope, I've enabled UAC, no change (and approved a few more updates to poss give it a kick)
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.


Expert Comment

by:Rob G
ID: 40440512
Do you see anything in the Windowsupdate.log file?
If you do Windows key + R and type in WindowsUpdate.LOG you will have a text file come up..
It should give you additional info as to what is actually occurring..

Author Comment

by:Paul Blackmore
ID: 40440575
2014-11-13      17:47:34:263       904      9d0      Report      CWERReporter finished handling 8 events. (00000000)
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {9FED22FC-CDD2-4724-8463-C08F21DE6196}.204 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {48585DD4-FB49-487C-BBED-2BB96A1A8A3A}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {61C88EDE-FCD7-4C91-809E-A7E58FB97E3C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {0DACBEA9-4019-4E5C-B551-6AF2823BBAA5}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {54254032-E629-4ADC-BA84-CE1B9BA9F281}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {AB8A49A4-532E-4767-A514-E98DD08CBAB9}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {5B241E6A-BC17-44F1-AC7E-10D3BB21FDCB}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {D59F5FEA-5C29-4CF5-8416-D7279FFB585A}.201 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {A070249A-3B10-4E2D-A56D-8C3414936358}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {F4242AA0-9C5F-4882-8306-2E75CC370FAA}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {5E51B95B-C253-4BCE-B304-F475A05DA58C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {14295203-7DDA-4388-B7C7-86FE10E6973C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {64A69324-3A89-43F3-B658-3B3168DFBA34}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {E219B681-EA39-4EBC-BE81-AE6EAB998936}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Found 7 updates and 77 categories in search; evaluated appl. rules of 3123 out of 4490 deployed entities
2014-11-13      17:47:37:085       904      d94      Agent      Reporting status event with 192 installable, 57 installed,  0 installed pending, 0 failed and 7 downloaded updates
2014-11-13      17:47:37:085       904      d94      Agent      *********
2014-11-13      17:47:37:085       904      d94      Agent      **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line  Id = 44]
2014-11-13      17:47:37:085       904      d94      Agent      *************
2014-11-13      17:47:37:085       904      d94      IdleTmr      WU operation (CSearchCall::Init ID 44, operation # 3346) stopped; does use network; is not at background priority
2014-11-13      17:47:37:085       904      d94      IdleTmr      Decremented idle timer priority operation counter to 0
2014-11-13      17:47:37:085       904      dac      AU      >>##  RESUMED  ## AU: Search for updates [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:085       904      dac      AU        # 7 updates detected
2014-11-13      17:47:37:085       904      dac      AU      #########
2014-11-13      17:47:37:147       904      dac      AU      ##  END  ##  AU: Search for updates  [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:147       904      dac      AU      #############
2014-11-13      17:47:37:147       904      dac      AU      All AU searches complete.
2014-11-13      17:47:37:147       904      dac      AU      AU setting next detection timeout to 2014-11-14 12:13:29

Author Comment

by:Paul Blackmore
ID: 40440581
This is last bit of windows log. There are 7 downloaded updates but I cant seem to get anyway of installing them.

Author Comment

by:Paul Blackmore
ID: 40440597
By switching from option 4 (Download and schedule) to option 3 (Download and notify) I've now got a message on action centre that there are updates that need to be approved but no way of approving them?

Expert Comment

by:Rob G
ID: 40440623
What is the setting in the GPO?
It should be set to a time to install them..
What time is it set to install updates?

There are a few settings:
1. Notify for download and notify for install
2. Auto Download and notify for installation
3. Auto Download and schedule the installation
4. Allow local admin to choose the settings

In those settings you have additional settings:
1. Schedule installation time of day
1-1. everyday or Monday - Sunday
2. Scheduled Time of day for installation
2-1. 24hour clock based on time for installation

Another variable here:
If you have "delay restart for scheduled installation" set to enabled;
The system will not install the updates till after the next reboot.

assuming you have rebooted, since you had to make the UAC control changes, the policy definition will determine when the system actually applies the updates.. Otherwise it would be better to not define anything, accept for the "specify intranet Microsoft update service location" and set the client machines to auto update, and reboot at will.. ;)

The logs, though, they look good..
No errors from what i can see..

Expert Comment

by:Rob G
ID: 40440630
The approval process needs to take place on the WSUS console.
While the user is an administrator that is allowed to locally OK what to install, the domain admin on the WSUS Server needs to approve the actual update prior to it being OK for the local admin to install or not install..

Is the Server hosting WSUS fully updated?
While the WSUS system itself has a variety of updates, there are some updates in the hosted OS that help as well.. Specifically with Signed certificates..

Accepted Solution

Paul Blackmore earned 0 total points
ID: 40486307
I've given up on this one. My GPO for windows 8.1 updates just points to our wsus server so that we can at least control what updates are received, all the other wsus settings I've controlled via registry edits.

Author Closing Comment

by:Paul Blackmore
ID: 40495788
Not fixed but a workaround until I have time to look more in depth at this.

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question