Solved

Windows 10 Updates - Best Practice

Posted on 2016-07-20
16
108 Views
Last Modified: 2016-08-01
I have a customer who is justifiably concerned about staying up with Windows updates on all their machines.
Often, they get messages that say an update failed but will be tried again (but when?).  And, when did it fail?

This is important because most of these computers MUST have DCOMCNG setting: Default Properties / Default Authentication Level set to NONE instead of the Windows default of CONNECT.
Now, we know that Windows updates won't happen with it set to NONE.  So, I've written scripts to switch it at midnight (to CONNECT) and at 8am (to NONE).  Perhaps I could open that window in time a bit and start at 8pm instead of midnight.

This raises two questions:

1) can the message "will try again" be relied on and the updates be done in a timely manner?  Do you experience this same thing with the DCOM set to CONNECT all the time?  Is it a matter for concern?

2) is there a way to know or control when the updates will be attempted?  During the working day seems untoward.  The old 3am time seems to have gone out the window altogether.
0
Comment
Question by:Fred Marshall
  • 6
  • 4
  • 2
  • +4
16 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 41722029
Windows 10 updates WILL happen at some point. I think there may be registry hacks (not GPO's) to prevent updates but I do not recommend such.

Updates failed is a different thing and should be addressed.

To hide an update temporarily, run wushowhide.diagcab and select the update to hide

https://support.microsoft.com/en-us/kb/3073930

Sooner or later the update will be properly addressed. In the meantime, updates will be able to proceed.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41722032
With respect to number 2 (is there a way to know or control when the updates will be attempted?  ) you can set Auto Updates in Windows 10 to notify to schedule restart.

You can also defer updates for (I think) up to 2 weeks.
0
 
LVL 11

Expert Comment

by:Bryant Schaper
ID: 41722151
Is it a domain environment and you can setup wsus, you have a lot more control then.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41723522
Not on a domain.

I haven't investigated:
What does it mean to "schedule restart"?  That tells me nothing about updates except that it's presented in a dialog that exists in an updates context.  I do think I know what an update is.  I do think I know what a restart is.  I do know that some updates require a restart.  But, so far I have not learned that a restart will necessarily cause updates!!
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41723670
I asked:
1) can the message "will try again" be relied on and the updates be done in a timely manner?  Do you experience this same thing .....?  Is it a matter for concern?

Well, I asked three questions here in a short paragraph.  My bad.:

Maybe you don't experience this "update failed - will try again" message at all?  Maybe you do.
It would be informative for me to know if you do or don't.

If you do, are you not concerned, ignore the message as "info" and carry on, finding that the updates eventually happen OK?
If  you don't, then that's curious but I don't know what to say or do about our experience.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41723678
Did you try wsushowhide?
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41723690
John Hurst:  It seems to me that it's for the opposite issue.  The issue is *getting* updates reliably, not hiding them.  I don't think most of the users know how to hide them.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41723693
I have a customer who [said] get messages that say an update failed but will be tried again

I can never help you so I will unsubscribe. The solution to the above is wsushowhide until fixed. You do not know when Microsoft will fix it.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 25

Author Comment

by:Fred Marshall
ID: 41723779
John:  Please help me understand just how wsushowhide is a solution.  That's what I tried to convey my lack of understanding.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41724752
OK.  I ran WSUSHOWHIDE on one of my Win 10 systems.  It does exactly as advertised and doesn't address this question at all.

It has also been suggested that our use of DCOM settings makes this question more complex.  Allow me to suggest a simpler  framework:
Our forced use of unconventional DCOM settings simply switches the ability to do updates ON and OFF.  We are quite confident of that.  So, this part of the question comes down to one of "updates at what time of day?"  We have implemented a script to automatically make the switch so we know it happens daily.
Our ability to allow updates is limited to non-working hours.  Accordingly, updates might be blocked from 8 a.m. to 6 p.m. M-F and possible from 6 p.m to 8 a.m. and possible from 6 p.m. Friday to 8 a.m. Monday.  Should that cause a problem?  Might that cause "update failed, we will try again?" messages to occur?

We are puzzled re: what the Microsoft approach to update scheduling is...
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41724879
I don't know how DCOM interferes with the updates, but Windows 10 checks once a day for updates, and at that time retries failed ones too. The time as with prior OS can be set up too, but you'll need to use the Group Policy objects or the registry for that. Otherwise the "update when idle" stuff applies.
0
 
LVL 42

Expert Comment

by:Davis McCarn
ID: 41724882
In Windows 10, the default update time is at 3:30 A.M. on the next Wednesday and I know that because I have created a shortcut to Windows Updates and use it to ensure that client's PC's are completely updated before they carry them away (or I leave if I'm onsite).
I also always check and, rather regularly, see the update failed message; though, most often (90%), they are a hardware driver update or an Office update and they seem to install successfully the second time around.
As long as they are not the flash player updates or security updates, I wouldn't worry about it until one has failed three times.
0
 
LVL 7

Expert Comment

by:Hector2016
ID: 41724898
I have another idea.

Why dont you try to modify the script to include the installation of all updates?

It may be like this:

1. Enable DCOM Authentication.
2. Search for Updates.
3. Download founded and needed updates.
4. Auto-install downloaded updates.
5. Disable Windows DCOM Authentication
6. Auto-Reboot if needed.

I have a piece of code in VBS that can make steps 2-4 including 6.

What language are you using on your current scripts?
0
 
LVL 19

Expert Comment

by:marsilies
ID: 41725281
You could run this command from a script to prompt Windows Update to check for and install updates:

wuauclt.exe /detectnow /updatenow

Open in new window


That way you can ensure it's checking during the time DCOM is set to Connect.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41731772
Should I see anything if I run wuauclt?  I don't...
0
 
LVL 19

Accepted Solution

by:
marsilies earned 500 total points
ID: 41731793
Nothing should appear on the command line, or pop up

You can check Event Viewer for Events 30, 31, or 33
https://technet.microsoft.com/en-us/library/cc735613(v=ws.10).aspx

You can also check the Windwos Update log at %windir%\Windowsupdate.log (typically C:\Windows\WindowsUpdate.log). Best to check after 10-15 minutes to let it run first.
https://technet.microsoft.com/en-us/library/cc719838(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Finding a job can be stressful - searches, resume tweaks, and networking events can be super boring. Luckily we're here to help you land your dream job!
EE introduced a new rating method known as Level, which displays in your avatar as LVL. The new Level is a numeric ranking that is based on your Points. This article discusses the rationale behind the new method and provides the mathematical formula…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now