5 Replies Latest reply on May 15, 2014 4:29 PM by Lawrence Garvin

    Remove an Reinstall of Deployed Software on Clients

    sz-a

      I don't know what to do:

       

      • I deployed a customized Mozilla Firefox package
      • The Deployment went ok but not in the intented way
      • I remodified/edited the customized package, published it (with "delete package" Option to recopy the binaries), checked that the package is already approved to the testclient group
      • I uninstalled the package manually on the Client and did a reboot
      • I ran a "wuauclt /detectnow" on the client to detect Windows Updates but the package isn't detected anymore
      • other new updates like Microsoft Updates are detected and installed.
      • I don't find any old data (files, folders, regkeys) from the former firefox installation

       

      How I have to correctly publish (modify and overwrite) a package with modified binaries or only configuration (like command line or packageboot script)?

        • Re: Remove an Reinstall of Deployed Software on Clients
          Lawrence Garvin

          Because the package had already been deployed to a client there are a couple of additional steps necessary.

           

          First, for any package deployed to the client that's going to be replaced, it should be expired on the WSUS server and the client forced to detect so the client knows that the cached metadata is expired. (This is why Microsoft always expires updates the day before they publish revisions to those updates.)

           

          Second, if the only change you are making is to the metadata, it is not necessary to use the "delete package" option, because the binaries have not changed. If the binaries DO change, you should duplicate the package, so it gets a new update ID, and then publish it as a new package. The client has the binary cached at this point, and it will not download a new binary for a revision to an existing update.

           

          So, assuming the client is evaluating the revision that you published, the next step is to troubleshoot the rules evaluation just as you would a new package, except now there's a fourth option:

          - The client doesn't see the revision at all.

          - The client has evaluated the update as Installed, but it isn't.

          - The client has evaluated the update as Not Applicable, but it is.

          - The client has evaluated the update as Not Installed, which is the desired behavior.

            • Re: Remove an Reinstall of Deployed Software on Clients
              sz-a

              If i ran "wuauclt /detectnow" on the Client then the WindowsUpdate.log says:

               

              ...

              15 15:35:57:010  404 1030 AU   # 0 updates detected

              15 15:35:57:011  404 1030 AU #########

              937E84805B04}]

              15 15:35:57:011  404 1030 AU #############

              15 15:35:57:011  404 1030 AU Successfully wrote event for AU health state:0

              15 15:35:57:011  404 1030 AU Featured notifications is disabled.

              16 11:06:46

              15 15:35:57:012  404 1030 AU Successfully wrote event for AU health state:0

              15 15:35:57:012  404 1030 AU Successfully wrote event for AU health state:0

              000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates.

              Deployment Check Reporting client status.

              15 15:36:01:976  404 188c Report CWERReporter finishing event handling. (00000000)

               

              I understand,this: The Client doesn't recognize the package as an applicable update.

              After that I expired the update, ran detectnow on Client, re-approved, ran detectnow again --> package not recognized, and now the updates view showed the package as files not downloaded.

              I re-published the package (Updates View Show ready for install), and reapproved the package.--> ran detectnow and the package is detected as update.

               

              So if i want to edit a package i have to

              1. expire the original package
              2. run wuauclt /detectnow on Client
              3. edit package
              4. re-publish package (if binaries Change with "delete content"-Option) --> btw. packageboot.XML and other additional files are binaries also?
              5. re-approve package to the target groups
              6. run wuauclt /detectnow on Client, then /updatenow

               

              so in production it would be faster and easier to copy the package, edit and publish as new, wouldn't it?

                • Re: Remove an Reinstall of Deployed Software on Clients
                  Lawrence Garvin

                  15 15:35:57:010  404 1030 AU   # 0 updates detected

                  This does not mean that the update is Not Applicable; it only means that there are no updates available at that moment.

                  To determine whether an update is Installed/NotInstalled/NotApplicable, use the console and confirm that the client's Last Reported Date is current.

                  packageboot.XML and other additional files are binaries also?

                  Yes. They are contained within the CAB file that is downloaded by the client, and it's the change of anything in that CAB file that requires the expiration of the package and the creation of a new package.

                  run wuauclt /detectnow on Client, then /updatenow

                  The /updatenow parameter is bogus; it does nothing. You only need to run /detectnow.

                    • Re: Remove an Reinstall of Deployed Software on Clients
                      sz-a

                      ok, thanks

                       

                      The /updatenow is only to force the Installation of detected updates at now instead of the configured install time.

                        • Re: Remove an Reinstall of Deployed Software on Clients
                          Lawrence Garvin

                          /updatenow is an undocumented parameter, although it is defined in the executable.

                          Whether it actually performs any real function is unknown. Personally I've never seen any evidence that the /updatenow switch does what it's name implies, but it's possible that's because it's never been launched in the correct context.

                           

                          I did get this log entry from the WindowsUpdate.log of a v7.6 WUA when running wuauclt /updatenow, which is more than I've ever seen with previous versions of the WUA.

                           

                          2014-05-15 16:21:08:882 1088 2148 AU No installable updates are available

                           

                          The only way I'm aware of to force the installation of detected patches is to launch the Windows Update applet (or launch an install from the Notification Area on WinXP/2003 systems).

                          Or use the Update Management tools in Patch Manager.

                           

                          Even if it does have functionality, it's going to require that the installation files are already downloaded and ready for installation.

                          If that were the case here, we wouldn't be having this conversation. :-)

                           

                          There are only three documented/functional parameters for use with the WUA:

                           

                          • /detectnow
                          • /resetauthorization
                          • /reportnow

                           

                          The official syntax is

                           

                          wuauclt [[resetauthorization] detectnow] | [reportnow]