Dan
asked on
WSUS not installing all the updates.
I'm running a new install of WSUS, on windows server 2016, fresh install, and the server is not used for anything else, but WSUS.
All my servers and computers show "needed count" for updates with large numbers. Even after I install updates on the clients or servers, the number never goes to 0, how do I install all the needed updates on my servers/workstations?
The 2nd problem is, for a few computers, it looks like the computers have contacted the WSUS server, a few weeks ago, but there's no status report, and there's no info about the computers. Any idea's how to resolve?
All my servers and computers show "needed count" for updates with large numbers. Even after I install updates on the clients or servers, the number never goes to 0, how do I install all the needed updates on my servers/workstations?
The 2nd problem is, for a few computers, it looks like the computers have contacted the WSUS server, a few weeks ago, but there's no status report, and there's no info about the computers. Any idea's how to resolve?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Does anyone know how to get the computers to report back 100% of the time, so I can when they are fully patched and updated?
Visit such a win10 machine, try to update it, see what it does and why updating fails.
For server 2012 R2, the reason could be, that it did not successfully install "update 1", which is a prerequisite for all newer updates. Check that by logging on, opening powershell and starting the command
\\servername\root\cimv2:Wi n32_QuickF ixEngineer ing.HotFix ID="KB2919 355",Servi cePackInEf fect=""
For server 2012 R2, the reason could be, that it did not successfully install "update 1", which is a prerequisite for all newer updates. Check that by logging on, opening powershell and starting the command
get-hotfix | sls 2919355
See if it find that update or not - output should be\\servername\root\cimv2:Wi
ASKER
I typed the get-hotfix command as you suggeseted, but nothing happened, the prompt appeared again, flashing.
In regards to your last comment, in one of the servers, the root folder is empty. I will check others soon.
I'll walk to a few win10 machines and try to figure out why it's failing.
In regards to your last comment, in one of the servers, the root folder is empty. I will check others soon.
I'll walk to a few win10 machines and try to figure out why it's failing.
If it comes up empty, that patch is NOT installed and we have found the reason why newer patches don't install. Now download and install kb2919355 from https://www.microsoft.com/en-us/download/details.aspx?id=42334
ASKER
Perhaps it wasn't installed if it wasn't part of a critical or security update, as those where the only two categories for servers I had selected.
I opened up the classifications to include service packs, update rollups, updates and upgrades, should I add any other category for hte automatic updates for the servers as well?
I opened up the classifications to include service packs, update rollups, updates and upgrades, should I add any other category for hte automatic updates for the servers as well?
I think it is classified as update rollup, that's why it wasn't found. What you selected now is ok. If you select "upgrades" however and you don't want upgrades for windows 10 (if win10 is a selected product) deployed by wsus, you may want to deselect it again.
ASKER
Just curiuos, why don't I want the upgrades, isn't that the release updates, like 1803 I think is the newest upgrade, otherwise, all my computers will not be on the newest version, right? Why shouldn't I want them to upgrade to the newest version?
The newest version is usually the preferred version, right. Deploying these upgrades using WSUS is not preferred in secured environments (in my opinion), since it will turn off bitlocker during the upgrade (assuming that you use bitlocker). So what we do here, is roll-out upgrades in a more controlled manner using scripts.
Dan, is your problem solved? Please close this now, or return with feedback.
ASKER
McKnife,
So I checked my own PC, and KB2919355 is not installed. When, I checked for updates, it says it's all up to date.
When I Checked my WSUS server, I searched for kb2919355, and you can see what comes up. I set for all updates to be automatically updated, so I don't know why it didn't approve the updates?
So I checked my own PC, and KB2919355 is not installed. When, I checked for updates, it says it's all up to date.
When I Checked my WSUS server, I searched for kb2919355, and you can see what comes up. I set for all updates to be automatically updated, so I don't know why it didn't approve the updates?
ASKER
Perhaps I'm missing something, as you can see from this screenshot, the computer with IP 192.168.102.10, shows it needs 14 more updates, but when I did a check on my computer, windows says it's "up to date". So which one is lying. I think this problem is happening to most or all my computers, and that's why the installed updates in WSUS will never get to 100%, because it thinks that there are updates that still need to be installed, but the local PCs think they are up to date.
Slowly.
You write "When I Checked my WSUS server, I searched for kb2919355, and you can see what comes up. I set for all updates to be automatically updated, so I don't know why it didn't approve the updates? " - as your screenshot shows, these updates are NOT related to kb2919355, they apply to systems that don't have kb2919355 installed. Just scroll down and see if you see kb2919355 itself.
You write "When I Checked my WSUS server, I searched for kb2919355, and you can see what comes up. I set for all updates to be automatically updated, so I don't know why it didn't approve the updates? " - as your screenshot shows, these updates are NOT related to kb2919355, they apply to systems that don't have kb2919355 installed. Just scroll down and see if you see kb2919355 itself.
ASKER
Well, download it manually and all its prerequisites and install it as described at https://www.microsoft.com/en-us/download/details.aspx?id=42334
These KB's must be installed in the following order: clearcompressionflag.exe, KB2919355, KB2932046, KB2959977, KB2937592, KB2938439, and KB2934018.
KB2919442 is a prerequisite for Windows Server 2012 R2 Update and should be installed before attempting to install KB2919355
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys for your help, sorry about the late response.
ASKER
I have configured the policy for the computers to download and install.