Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


I am trying  to  inject  the updates  into a win7 image  using wsusoffline

Posted on 2016-10-28
Medium Priority
Last Modified: 2016-11-04
I  have removed   8  KB  that  people  have highlighted  that  can  break  the installation.
I  am  pushing  out the image  using SCCM
But  am  receiving  the  following error
Windows could not configure one  or  more system components  , To  install windows , restart ........
It has  to  be  one  of  the KBs  but  i  cant  find  out   what.
I  can  deploy WIN7_EntX64  SP1  with a hitch
Ps  using  a Vm  for  testing

any  ideas  
Question by:Roger Robinson
  • 5
  • 4
LVL 62

Expert Comment

ID: 41864927
Can you describe change that you did?
The 'people talk' does not break systems.

Author Comment

by:Roger Robinson
ID: 41865215
I am using the most recent win7 sp1 iso i have extracted the wim and using wsus offline  i have injected in all the remaining updates.FRom other websites i have removed various  KB  that may break  the installation.
Once completed I copy the wim up to SCCm and deploy  it  to my test group.
it in stall fine but on getting your machine ready screen
I get the message  ""Windows could not configure one or more system components" the machine will then reboot try again and  then iget  windows unexpectedly  started   message .
so  i need to  remove one or more KB  i guess... But i am not clever enough to determine which ones.
I believe ive taken out the ones that are dependent on net framework 4

any other suggestions  
Ps yes i know windows 7 is old   and i hope to switch to  10 in the new future , but i need this  to  work
thanks in advance
LVL 19

Expert Comment

by:Mike T
ID: 41866095

I have to ask - why are you using WSUS Offline when you have SCCM? If you have internet access it is so much easier.

I will assume that you don't have internet or the WSUS role installed.

First, a few questions:

do you have a list of the updates you have applied offline?
how did you remove the "KB"s?
what websites did you get the list of patches the allegedly break Windows

The reason I  ask is because I am currently deploying Windows 7 myself, I don't have internet access so I too installed updates offline but I avoided WSUS offline and used a script and mounted the WIM. Anyway, point is, I did not remove a single patch. I just scanned what was missing. A very important question - did you install the Windows 7 rollup first?

If not, I would start again from scratch and install the following:

Windows 7 Convenience Rollup (http://catalog.update.microsoft.com/v7/site/Search.aspx?q=3125574)
August rollup (follow-up)

Then scan with MBSA and checks what's left to be installed.

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

by:Roger Robinson
ID: 41866629
Thank  You  for  your  reply
here is how  i am  doing  this ,
Extract  the  wim from sp1 disk
Launch WSUs offline   and  down load all the  updates.
on my installation  they  go  into  wsusoffline\client\w61-x64\glb
One  down loaded  i go  to  this  folder and  manually  remove  the Kbs  that  i  have  read  break  the installation. Then  i  run the  command  to  inject  the  packages, Commit  the changes   then  copy  the wim  back  to  sccm.
229 updates  were  downloaded
So  no  i  did not  install  the  roll up first  i  didn't  know  i had  too ?  i  just  presumed.

I'm  doing  it  this  way  to  start  with a fully  patched  imaged  to  deploy,  but  will  then  update  the  image  with sccm  going   forward

I  am self  taught  so  im  not  the  brightest but  i  have   downloaded  the  roll up  and  will   try  again
am i able  to scan the wim  with MBSA  or  just a deployed  PC ?

Thanks  in advance
LVL 19

Expert Comment

by:Mike T
ID: 41866656

You build a machine, apply the rollup and then scan with MBSA, either installing it local, or better remotely from an admin machine.

You missed some answers: do you have internet access?
If you *do* then I strongly recommend scrapping WSUS Offline. It is meant purely for people who need to patch when away from any network that has internet.

I would like to give you a fuller answer but that would really take a small chapter worth of words.

Apply the rollup and scan it. That will give you a list.

You also need to research something called "build and capture". That is the officially recognised method of doing all this.


Author Comment

by:Roger Robinson
ID: 41866680
Yes  i  have  internet  access
and  have  successfully  patched a thick image on deployment using  wsus  in SCCm .
But  i wanted to explore a thin  image  then deploy  the apps separately  and  had  read  that WSus  offline was a good way  to  go ...........

Okay  so  you  recommend:-  deploying an image  to a machine ( Vm ) patching  it.  then  capture  that  image  back  as  your  reference  image ?
okay  ill give  that a go
LVL 19

Expert Comment

by:Mike T
ID: 41866705

Thin images are also highly recommended.

I'll give a very brief outline:

1) Create a Reference image - this is "thin"
2) use MDT 2013 update 2 (+ WDK)
3) Build and Capture
4) Import the WIM into SCCM
5) Deploy with drivers, apps and tweaks

Thin = Gold OS (from ISO) + .Net 4.5 + Visual C++ + convenience update + latest monthly rollup
Thin image Mechanism to use = MDT + WSUS with rule approving critical updates

That's the ideal setup. You *can* use SCCM to do the same thing but MDT is just better at it.


Author Comment

by:Roger Robinson
ID: 41866716
Ive  Incorporated MDT  into   SCCm . I am currently using MDT  boot,  but  not  the task  sequence  yet. But  that is  going to  be  my  next  step.
Am  i not  using  the  build and capture task  within SCCm to  capture  the  reference machine ?

Thanks  again  i will give  it a go
LVL 19

Accepted Solution

Mike T earned 2000 total points
ID: 41866884
That's kind of my point.

You can use MDT as a complete standalone tool to create the reference (thin) image
you can do the whole thing with SCCM.

Both ways, require creating a Reference image first. Which you choose is up to you, and will depend on your experience.

What you mention above is "MDT integration" with SCCM. That is another matter altogether. Good but not the same.


Author Closing Comment

by:Roger Robinson
ID: 41874368
Mike  Pointed me  in the  right Direction  Thanks

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Great sound, comfort and fit, excellent build quality, versatility, compatibility. These are just some of the many reasons for choosing a headset from Sennheiser.
The following article discusses and demonstrates the advantages of using Pull Distribution Points in SCCM 2012 SP1 or higher as opposed to traditional push based architecture
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month10 days, 14 hours left to enroll

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question