This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Windows 10, 3rd Party Updates, and Patch Manager

jasweat over 6 years ago

Hello All,

I'm in the process of determining what we will need for our Windows 10 roll out next year, as part of our tech refresh cycle. I have a few Win10 machines I have been using to test to figure out what I need to do and what to expect from the Patch Management administration side of the house. In addition to the Win10 machines, we are also upgrading our servers from 2008R2 SP1 to 2016. The WSUS and PM server are on the same virtual server, with a physical server I repurposed acting as a PM automation server to even the load out.

The biggest issue that I have so far is the inability to update 3rd party updates on our Win10 (v1607, Anniversary Update) machines. Java, Firefox ESR, etc. Group Policy is applying correctly, pointing the computers to the update server. I push the certificates needed via GP as well, which are also installed, so it's not a certificate or a communication issue. The updates are downloading, or at least showing that they are downloading.

I've not come across any errors that show why an update failed, only that it failed, and the computers try again the next day. I suspect that it has something to do with running the WSUS and PM on 2008R2 servers, as we have had some other management issues with Win10 and our 2008R2 servers. Event logs show that it is downloading the same number of updates that are failing, but without any failure errors or warnings.

Any thoughts would be appreciated. Thanks.

Jacob

0 jrouviere over 6 years ago

Hello Jacob. I'm going to start by letting you know that you may get a quicker response if you reach out to Support to have them help you track this down, but here are some things you might check:
It is possible that this is due to your 2008 R2 servers if you're running WSUS 3.0 (if that were the case your Windows 10 machines likely wouldn't be getting MS updates either):
For those on WSUS 3.0 SP2 (or SBS 2011) – WSUS Product Team Blog
Policy and Certificate are definitely steps you want to start with.
You can check the Windows Update logs on a machine to get additional information:
https://support.microsoft.com/en-us/help/3036646/how-to-read-windows-update-logs-in-windows-10-version-1607
If you do find an error code, you can reference this KB to see what it might relate to:
Error codes and patches for WSUS servers - SolarWinds Worldwide, LLC. Help and Support
Cancel
Vote Up 0 Vote Down

Cancel
0 jasweat over 6 years ago in reply to jrouviere

jrouviere,
Thanks for the response.
The Win10 machines are getting their Windows updates just like they are supposed to.
Some GP settings I had to manually change due to our policies not correctly applying to Win10 machines, but I knew that was a strong possibility when I started testing. For my purposes, I manually changed all of the settings I needed on the machines in question. Other policies, such as certificates from the server, applied correctly and are present on target machines.
Running through the Windows Update logs, the errors I have seen simply say that the download failed. The error codes suggest a Windows Update database file corruption as the reason, but I had already run the troubleshooter and manually cleaned out the Windows Update files and the error code shows up both before and after. When I checked the Patch Manager, it gave an "Not Installed" status, rather than a "Failed" status.
I will probably have to get with Support on this. Thanks for your time though!
Jacob
Cancel
Vote Up 0 Vote Down

Cancel