I'm in the process of determining what we will need for our Windows 10 roll out next year, as part of our tech refresh cycle. I have a few Win10 machines I have been using to test to figure out what I need to do and what to expect from the Patch Management administration side of the house. In addition to the Win10 machines, we are also upgrading our servers from 2008R2 SP1 to 2016. The WSUS and PM server are on the same virtual server, with a physical server I repurposed acting as a PM automation server to even the load out.
The biggest issue that I have so far is the inability to update 3rd party updates on our Win10 (v1607, Anniversary Update) machines. Java, Firefox ESR, etc. Group Policy is applying correctly, pointing the computers to the update server. I push the certificates needed via GP as well, which are also installed, so it's not a certificate or a communication issue. The updates are downloading, or at least showing that they are downloading.
I've not come across any errors that show why an update failed, only that it failed, and the computers try again the next day. I suspect that it has something to do with running the WSUS and PM on 2008R2 servers, as we have had some other management issues with Win10 and our 2008R2 servers. Event logs show that it is downloading the same number of updates that are failing, but without any failure errors or warnings.
Any thoughts would be appreciated. Thanks.
Hello Jacob. I'm going to start by letting you know that you may get a quicker response if you reach out to Support to have them help you track this down, but here are some things you might check:
It is possible that this is due to your 2008 R2 servers if you're running WSUS 3.0 (if that were the case your Windows 10 machines likely wouldn't be getting MS updates either):
Policy and Certificate are definitely steps you want to start with.
You can check the Windows Update logs on a machine to get additional information:
If you do find an error code, you can reference this KB to see what it might relate to:
Thanks for the response.
The Win10 machines are getting their Windows updates just like they are supposed to.
Some GP settings I had to manually change due to our policies not correctly applying to Win10 machines, but I knew that was a strong possibility when I started testing. For my purposes, I manually changed all of the settings I needed on the machines in question. Other policies, such as certificates from the server, applied correctly and are present on target machines.
Running through the Windows Update logs, the errors I have seen simply say that the download failed. The error codes suggest a Windows Update database file corruption as the reason, but I had already run the troubleshooter and manually cleaned out the Windows Update files and the error code shows up both before and after. When I checked the Patch Manager, it gave an "Not Installed" status, rather than a "Failed" status.
I will probably have to get with Support on this. Thanks for your time though!
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.