A
ATyler - Life Flight Network
Hello, I've just became aware of a potential update problem in my environment and thought I would post about it before calling Microsoft. We run a single Windows 2012 R2 server with the WSUS role installed. This server handles update "policy" for all of our Windows workstations and servers. I say policy because it is configured not to stage any updates locally, but send the client to the public Windows update website for download. Here is the version info from Help > About..
This WSUS implementation has been working pretty well for managing updates companywide. We primarily run Windows 7 Pro SP1, Windows 10 LTSB 2016 (1607 | Build 14393), Windows Server 2008 R2, and Windows Server 2012 R2.
Right now WSUS reports that it is actively managing updates for about 400 machines, half of which approximately are running Windows 10 LTSB.
So, the problem.... I just realized that our helpdesk person had been manually applying a Windows 10 CU update from June to fix a problem on a particular Lenovo hardware platform. The problem it resolves really isn't important for this conversation. What has me puzzled is the fact that a fix from a CU back in June hadn't already been applied to a Windows 10 LTSB machine that reports as fully patched on our network. This was clue #1 that there might be a problem with CU updates on Windows 10 LTSB in our implementation of WSUS.
Now that I was looking for this problem, clue #2 was that in review of pending unapproved WSUS updates, the latest Windows 10 update titled "2018-11 Cumulative Update for Widnows 10 Version 1607 for x64-based Systems (KB4467691)" reports that it only applies to 6 of our almost 200 Windows 10 LTSB computers.
The update that our helpdesk person had been installing manually as needed is KB4284833, an update dated June 2018... I even went as far as to manually import that update into our WSUS server which reports that no computers "need" this update. Helpdesk also tells me that a "stack update" must be applied before the June CU will install successfully. That's KB4132216 which as far as WSUS knows also does not apply to any systems on our network.
So, it seems that WSUS is not applying CU updates to our Windows 10 LTSB computers. Or more specifically stated, WSUS doesn't feel that CU updates for build 1607 apply to Windows 10 workstations in our environment running LTSB 2016.
For my next step in troubleshooting, I plan to remove the GPO forcing WSUS as the only update resource for a few LTSB machines that report a CU is not needed. It will be interesting to see what one of these affected systems will report for required updates when connecting to Windows Update directly without WSUS.
Any other troubleshooting suggestions?
Regards,
Adam Tyler
Continue reading...
This WSUS implementation has been working pretty well for managing updates companywide. We primarily run Windows 7 Pro SP1, Windows 10 LTSB 2016 (1607 | Build 14393), Windows Server 2008 R2, and Windows Server 2012 R2.
Right now WSUS reports that it is actively managing updates for about 400 machines, half of which approximately are running Windows 10 LTSB.
So, the problem.... I just realized that our helpdesk person had been manually applying a Windows 10 CU update from June to fix a problem on a particular Lenovo hardware platform. The problem it resolves really isn't important for this conversation. What has me puzzled is the fact that a fix from a CU back in June hadn't already been applied to a Windows 10 LTSB machine that reports as fully patched on our network. This was clue #1 that there might be a problem with CU updates on Windows 10 LTSB in our implementation of WSUS.
Now that I was looking for this problem, clue #2 was that in review of pending unapproved WSUS updates, the latest Windows 10 update titled "2018-11 Cumulative Update for Widnows 10 Version 1607 for x64-based Systems (KB4467691)" reports that it only applies to 6 of our almost 200 Windows 10 LTSB computers.
The update that our helpdesk person had been installing manually as needed is KB4284833, an update dated June 2018... I even went as far as to manually import that update into our WSUS server which reports that no computers "need" this update. Helpdesk also tells me that a "stack update" must be applied before the June CU will install successfully. That's KB4132216 which as far as WSUS knows also does not apply to any systems on our network.
So, it seems that WSUS is not applying CU updates to our Windows 10 LTSB computers. Or more specifically stated, WSUS doesn't feel that CU updates for build 1607 apply to Windows 10 workstations in our environment running LTSB 2016.
For my next step in troubleshooting, I plan to remove the GPO forcing WSUS as the only update resource for a few LTSB machines that report a CU is not needed. It will be interesting to see what one of these affected systems will report for required updates when connecting to Windows Update directly without WSUS.
Any other troubleshooting suggestions?
Regards,
Adam Tyler
Continue reading...