Update Connectivity – You are just not updating it right

The title of this post is tongue in cheek. Last week Microsoft has posted an article about Update Connectivity value and what role it plays in PC’s ability to install updates in a timely manner. Post made some waves on various IT news sites and also garnered critical response from systems administrators.

I cannot check if this parameter correlates with problems with updates (we use 3d party tools for updates). But, if you use Intune, maybe you can test this theory and find some useful insights. Although Microsoft provided rather vague explanation on how much time is actually required for PC to successfully update:

Specifically, data shows that devices need a minimum of two continuous connected hours, and six total connected hours after an update is released to reliably update.

Does this mean that only 2 continuous hours needed to initiate update, but the rest 4 can be divided in chunks, but still 6 in total needed to complete? So, if PC is online just 2 hours every day it will take 3 days to update? They need to clarify this part. By the way, this means being connected to Windows Update service, not just being online. But can update itself be interrupted? If not, then why they not say 6 continuous hours. Download already can be resumed next day and shouldn’t be that long anyway. Lots of confusion and questions here as it seems that you kind of need to keep it online for 6-8 hours to make it to update for sure. Which is not optimal. And this probably came from all the smart things introduced in Windows 10 gradually (active hours, Windows trying to find time to update when you are not actively using it). Updates got so big and they need so much time to install that it became a problem for users (being interrupted with updates). But Microsoft’s solution for this was not installing updates at all. Which is bad for security and a headache for administrators. And response from Microsoft is – Windows 11 has smaller and faster updates. Right. Though Windows 10 is not going away yet. And it was “last Windows” version and was intended to be polished and improved all the time. Why not improve update process in it instead of as usual touting better things for new and shiny versions? Who knows, maybe updates will not require a restart. In Windows 65 🙂

Windows ir Office atnaujinimai su Delivery Optimization [LT]

Delivery Optimization yra viena iš Windows 10 naujovių leidžiančių kompiuteriams tinkle pasidalinti Windows, Office ir Windows Store programų atnaujinimais išvengiant didelio kiekio siuntimų iš interneto. Kai pirmą kartą sužinojau apie tokį “peer-to-peer” modelį, įvertinau skeptiškai. Nes paprastam vartotojui gauti atnaujinimus iš nežinia ko neatrodė saugu ir aplamai reikalinga. Bet organizacijos kontekste ir su tinkamais nustatymais tai gali būti naudinga. Nors naudojant WSUS ar SCCM kaip vidinį atnaujinimų surinkėją jau išvengiama didelio interneto ryšio apkrovimo, tačiau didelis kiekis kompiuterių jungiantis prie šių servisų gali apkrauti juos. Todėl dalinimasis atnaujinimais tokiu atveju irgi gali būti naudingas.

Read More

WSUS – Windows 10 April 2018 Update [EN]

A while ago i have posted about how i plan to deal with big feature updates for Windows 10 via WSUS. Now the April 2018 Update (1803) is out. Nothing has changed about the issues with Cumulative Update after the upgrade. Windows 10 still can’t see the latest Cumulative Update on WSUS after the upgrade. I have searched on this topic and read at some site, that it was a known bug for 1607 version. I guess it will never be fixed..

Last time i have explained how i was going to work with feature updates for Windows 10 further, which would involve lots of manual checking and fixing. I was also hesitant to do scripting, as it was hard to make a good and error prone script. But i have finally decided to try it with scripting, because it would just be very time consuming to do the old way for hundreds of PCs twice a year. Read More

Windows 10 no status in WSUS after KB4056892 [EN]

Short post this time. After all the mess that happened after the Spectre and Meltdown vulnerabilities disclosure and a frenzy of patching (i think Microsoft has released updates 5-6 times in January) a few machines in our network have stopped updating their status in WSUS. Although, they were still able to check for updates. It happened after a failed installation of KB4056892 update. Which then installed correctly, but since then no status updates were sent. The solution is as per usual: stop the Windows Update service, wipe C:\Windows\SoftwareDistribution folder, start the service and run the check for updates.

Dealing with Windows 10 feature updates via WSUS [EN]

Based on a few last updates in this post i had to adjust my Windows 10 management via WSUS. It will involve manual checking and fixing, so if one has thousands of clients – tough luck. It is possible to make a script to do everything. A complex, error prone and hard to test. I don’t want to end up with some PCs running with WU service disabled for a prolonged period of time. If someone can come up with a sophisticated script for this (possible to do everything on a single run during a startup, with pauses, etc.) feel free to share, though sometimes it just doesn’t allow to delete SoftwareDistribution folder after stopping WU service and you must to reboot the system or even disable WU and then reboot. What other options there are? SCCM uses the same method and i think i’ve read comments about people having similar problems. Not to mention it costs a lot. Intune won’t let you manage updates the way WSUS does. It is just a set of policies you apply to your PCs. Just like Windows Update for Business. You set how and what updates should it get and hope it is working. There is no GUI or a list of PCs to see if they are updating or not. In the world of WannaCry outbreaks it is crucial to have a tool to make sure your network is updated. WSUS is outdated and has its own flaws, but it was working fine until Windows 10 came. Microsoft needs to do something about it. Read More

WSUS – Windows 10 Fall Creators Update quirks [EN]

After posting about my experience updating Windows 10 to Creators Update via WSUS earlier this year i thought updating to Fall Creators Update should be a breeze. Well, not exactly. There are some issues and quirks i had to deal with.

First of all, our WSUS has successfully pulled Fall Creators Update (1709 version) from Microsoft servers sometime around October 17 and started reporting Needed status for Windows 10 PCs in our network. So i went and declined an upgrade for Windows 7 and 8.1 machines as we are not doing such upgrades. And then approved en_us and en_gb updates for a special group, which i will be putting PCs in to update. We have two versions as there are a few computers in the network using en_gb version (that was a mistake, but now we don’t really want to reinstall them; i wish there were only one EN version..). Then i have added a few testing PCs to that group. When doing Check for updates it pulled the update from WSUS and started preparing it for installation. While PC was showing “Preparing” status, WSUS was showing Failed status for this machine (quirk No.1, but very minor one). After the update installation it still shows Needed status for some time, until it gets new info from PCs. Once PC has prepared Fall Creators Update (FCU or 1709) it shows a popup as shown above. It is different from what was shown last time and this popup is the usual Action Center popup. Although i would like not to have human faces in there as i have to prepare instructions with screenshots and this looks weird. Quirks No.2 and 3 – pressing Restart Now in this popup did nothing on one of my testing machines. I have waited 5 minutes, tried pressing it again, restarting the machine and pressing again. Nothing. The second PC haven’t even showed it at all for some reason. One should hope MS will fix this for the next update (actually, it should be fixed in the FCU already for it to work for the next update). So, i had to use Start > Power button > Update and Restart. This worked fine and FCU install went smoothly on both machines. It took around 10-15 minutes until seeing your desktop (with multiple reboots and waiting for it to finish once you login). As MS is now doing updates with only differences, not overwriting the whole system, it takes almost 2 times less time. This is great.

Read More

Windows 10 atnaujinimų srauto ribojimas [LT]

Šiandien perskaičiau vienam puslapyje, kad paskutiniame Insider build’e atsirado galimybė riboti atnaujinimų parsiuntimo greitį (ir išsiuntimo, jei yra paliktas nustatymas atnaujinimais “peer-to-peer” principu dalintis su kitais interneto naudotojais). Tiesa, naujovių sąraše nepaminėta, todėl neaišku ar jau veikia. Bei paslėpta labai gerai 🙂 Update & Security > Windows Update > Advanced options > Delivery Optimization > Advanced options. Reikės išbandyt, nes paleidžiant siuntimui virtualioj mašinoj naują build’ą galima pamiršt apie interneto naršymą tam laikui. Suvalgo srautą visiškai 🙂

WSUS – updating Windows 10 to Creators Update [EN]

Based on the previous post about dealing with Windows 10 updates our WSUS is already prepared to serve Feature Updates. To enable this you have to open your WSUS console, go to Options, Products & Classifications and enable the Upgrades category (not the Updates). This will automatically create the Upgrades view on the left in the Updates branch. Then you have to go to the home page and run the synchronization. After this the Upgrades view should be populated with all the possible upgrade options. Among them the Creators Update for Windows 10. You will also see upgrade options for Windows 7 and 8.1 (we will not cover them in this article). Be sure not to approve them, if you are not planning to upgrade your existing older installations to Windows 10. To be sure, you can even decline them, so your clients won’t be showing in the list as if they are missing some update. There is also a distinction by the language used to install Windows 10. We currently have only two laptops with Windows 10. They came with a retail UK version of Windows 10 on DVDs (laptops came with pre-installed Ubuntu on them, so no OEM Windows). I had to approve Feature Update to Windows 10 Pro, versijon 1703, en-gb, Retail update option for them. There is also Feature Update to Windows 10 Pro, versijon 1703, en-us, which should cover regular OEM US installations. Enabling this upgrade wasn’t enough though.  Read More

80073712 error and Windows Servicing corruption fixing [EN]

Windows Update fails is quite a common issue at my work. Usually it is enough to press Check for Updates one more time (especially when first check for updates is running after a fresh installation of Windows and WU service needs to download a huge amount of updates information). Sometimes a simple Windows reboot is enough. Or various other simple solutions. But recently i had a really nasty issue. Most probably PC was forcefully turned off while installing updates (or downloading them) and the Windows Servicing system got corrupted. While searching for a fix (because reinstalling a machine is always the last choice) i had to try various suggestions and tools. In the end i have stumbled upon this Microsoft article, which helped me to solve the problem and around which i have compiled this short instruction. But first i will provide the quicker and simplier solutions, which work most of the time.

First you can try stopping the Windows Update service and deleting the %Windir%\SoftwareDistribution\ directory. Then run the service again and do a check for updates.

Sometimes it is also helpful to do sfc /scannow and let it fix system files.

You can also try System Restore and restore the system to a point you believe everything was fine.

If nothing from above works, then try this procedure:

  • Download and install the System Update Readiness Tool update (e.g. for Windows 7 64-bit). It will take 10-15 minutes.
  • Then check this tool’s log at %Windir%\Logs\CBS\CheckSUR.persist.log or CheckSUR.log. Look for Unavailable repair files list (usually at the bottom). It should list .manifest, .mum and .cat files.
  • From a healthy PC’s %Windir%\Winsxs\Manifests\ directory copy the healthy .manifest files which are listed in the log and put them into corrupted PC’s %Windir%\Temp\CheckSUR\manifests\ directory.
  • Again, from a healthy PC’s %Windir%\servicing\packages\ directory copy .mum and .cat files into corrupted PC’s %Windir%\Temp\CheckSUR\servicing packages\ directory.
  • Run the System Update Readiness Tool update again and wait till it finishes (it is run by installing it again). Should take 10-15 minutes again.
  • Try to run the update’s installation which was causing 80073712 error again. This time it should install normally.

Windows 7 – Windows Update check speedup [EN]

At some point in 2015 computers running Windows 7 or Windows Vista started having an issue with a very long updates check. It is probably affecting Windows 8/8.1 as well. Freshly installed Windows 7 machine can spend many hours or even days to complete a check, when it was just a few minutes normally. Machines with less resources wouldn’t be able to complete a check even when doing this non-stop for days. CPU usage would stay abnormally high during the check.

I have finally found a fix for this and already tried it both at work on hundreds of PCs and on my brothers older PC, which couldn’t check for updates at all.

First, you need to go to Services (services.msc) and stop the Windows Update service.

Then install this update – Windows6.1-KB3172605-x86 (or Windows6.1-KB3172605-x64). If this update is not installing, install this one first – Windows6.1-KB3020369-x86 (ar Windows6.1-KB3020369-x64). Then reboot your PC and run the check for updates. It should now take just a few minutes.

You can download these updates here:
1. Windows6.1-KB3172605
https://support.microsoft.com/en-us/kb/3172605 (update rollup 2016 July)
32-bit https://download.microsoft.com/download/C/D/5/CD5DE7B2-E857-4BD4-AA9C-6B30C3E1735A/Windows6.1-KB3172605-x86.msu
64-bit https://download.microsoft.com/download/5/6/0/560504D4-F91A-4DEB-867F-C713F7821374/Windows6.1-KB3172605-x64.msu

2. Windows6.1-KB3020369
https://support.microsoft.com/en-us/kb/3020369 (servicing update 2015 April)
32-bit https://download.microsoft.com/download/C/0/8/C0823F43-BFE9-4147-9B0A-35769CBBE6B0/Windows6.1-KB3020369-x86.msu
64-bit https://download.microsoft.com/download/5/D/0/5D0821EB-A92D-4CA2-9020-EC41D56B074F/Windows6.1-KB3020369-x64.msu