cannot find some updates in wsus or microsoft update catalog


  • Saturday, October 06, 2012 10:36 PM
     
     Answered

    Hi,

    not all updates are published to WU/MU/WSUS

    some update packages are only ever published to MS Download Centre.
    some update packages are only ever published as hotfix-by-request.

    in general, if I can't find a specific update by its KB number in the MU catalog, I go for a manual download, which means (for me) I can't/won't use WSUS to deploy it.

    PS:
    I find that the term "hotfix" is very ambiguous (however clearly it may be defined in official documentation), often poorly understood, and mis-used
    (this is not a criticism of anybody, just my observation)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


  • Sunday, October 07, 2012 4:36 AM
     
     

    Hi Don and Tnx

    but can you tell me what is the strategy here ?

    why such important updates (necessary for proper functioning of DC and GPO's) should not be published into WSUS and update catalog ?

  • Sunday, October 07, 2012 12:08 PM
     
     Answered

    On 06.10.2012, M. Ganji wrote:

    i had some problems in some gpo settings and i found this link including some important hotfixes which should be installed on 2008 R2 SP1

    http://blogs.technet.com/b/yongrhee/archive/2012/09/29/list-of-domain-controllers-dc-s-related-hotfixes-post-sp1-for-windows-server-2008-r2-sp1.aspx

    Hotfixes were not deployed in WSUS or Windows/Microsoft Update. You
    will not find hotfixes in Update Catalog.

    I also went to microsoft update catalog and searched for some of them but could not find them

    for example :

    support.microsoft.com/kb/2698279

    Hotfixes will not be deployed in WU/WSUS/Update Catalog.

    is there any delay in updating microsoft catalog and wsus servers or i am missing some point ?

    Here you can find all updates deployed to WSUS:
    http://support.microsoft.com/kb/894199

    Winfried


    http://www.microsoft.com/germany/windowsserver2003/technologien/updateservices/default.mspx
    http://www.wsuswiki.com/Home

  • Saturday, October 13, 2012 3:45 PM
    Moderator
     
     Answered

    I find that the term "hotfix" is very ambiguous (however clearly it may be defined in official documentation), often poorly understood, and mis-used
    (this is not a criticism of anybody, just my observation)

    This is true, Don, and I think some of it stems from Microsoft's own ambiguous use of the term in the old days when everything was called a hotfix. On top of that many ISVs also call things hotfixes that are not consistent with how they're defined for the Microsoft environment.

    But today a Microsoft "hotfix" has two very significant characteristics:

    • It is not regression-tested, which means that it should only be installed exactly where the symptoms it is designed to fix have been actually observed. The lack of regression testing may cause other new problems to surface, or break things that have previously been fixed, including opening up security vulnerabilities that have been previously plugged, or creating new security vulnerabilities.
    • Because it is not regression tested, it is only available via direct download (i.e. not from AU/WU/MU/WSUS), and is intended to be installed one-machine-at-a-time, although I do continue to see patch administrators who want to mass-distribute a hotfix (which is generally neither a good idea, nor actually necessary).

    A perfect example is this very update: KB2698279. This update is designed to remediate a performance issue in Win7SP1 and Win2008R2SP1 systems when a NETLOGON GPO is in use and causing issues, specifically noted is the use of the DnsAvoidRegisterRecords setting.

    So, first, unless a NETLOGON GPO is being used, this update does not apply.

    Second, unless there is No Other Way to achieve the desired objectives except by using the NETLOGON GPO -- an organization should opt to find an alternate pathway to their objectives and avoid the use of the NETLOGON policy option.

    Third, the only machines that are eligible for this update are Windows 7 SP1 and Windows Server 2008 R2 SP1 systems.

    Fourth, the hotfix is designed to address a performance issue at LOGON. To that point -- LOGON times should not be an issue on server operating systems, since generally speaking, users ought not be logging onto the consoles of server operating systems. That pretty much eliminates the Server OS as a potential target for this hotfix (not to mention the *risks* of installing a hotfix on a server).

    That leaves us with Win7Sp1 systems as candidates. So unless the *user* is actually complaining about the LOGON times, I would say don't install the hotfix. If a user complains, well now you have something you can do for them. And that update can be installed one-machine-at-a-time, as the user submits a ticket to the Help Desk.

    Finally, since this is only a *logon performance* problem, and not a system reliability problem .. those Help Desk tickets ought to be appropriately prioritized. That is to say, if I were the decision maker, the ticket would be assigned Priority '3' and the hotfix would get applied when spare cycles were available and no other Priority '1' or '2' tickets were open.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
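
The applicability checks walked through in the post above, collected into a local triage script. This is an added example, not part of the original thread and not Microsoft tooling. It assumes Netlogon Group Policy settings are written under `HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters`; the function name `Get-HotfixTriage` is hypothetical.

```powershell
# Added example: local triage against the applicability criteria in the post above.
$KbId      = 'KB2698279'
# Assumption: Netlogon GPO settings are written under this policy key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters'

function Get-HotfixTriage {   # hypothetical helper name
    # Get-WmiObject is used so the script also runs on the PowerShell 2.0 shipped with Windows 7.
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Only Windows 7 SP1 and Windows Server 2008 R2 SP1 (NT 6.1, service pack 1) are eligible.
    $eligibleOs = ($os.Version -like '6.1.*') -and ($os.ServicePackMajorVersion -eq 1)
    # ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
    $isServer = ($os.ProductType -ne 1)

    # Is a NETLOGON GPO applied, and does it set DnsAvoidRegisterRecords?
    $gpoInUse = Test-Path -Path $PolicyKey
    $policy   = $null
    if ($gpoInUse) {
        $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    }
    $avoidSet = ($null -ne $policy) -and
                ($null -ne $policy.PSObject.Properties['DnsAvoidRegisterRecords'])

    # Get-HotFix writes a non-terminating error when the KB is absent; treat that as "not installed".
    $installed = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    if     ($installed)       { $advice = 'Already installed; nothing to do.' }
    elseif (-not $eligibleOs) { $advice = 'Not applicable: OS is not Win7 SP1 / 2008 R2 SP1.' }
    elseif (-not $gpoInUse)   { $advice = 'Not applicable: no NETLOGON GPO in use.' }
    elseif ($isServer)        { $advice = 'Server OS: logon time should not matter here; not a target.' }
    else                      { $advice = 'Candidate only if the user reports slow logon; this machine only.' }

    New-Object PSObject -Property @{
        Computer                = $env:COMPUTERNAME
        OsVersion               = $os.Version
        ServicePack             = $os.ServicePackMajorVersion
        EligibleOs              = $eligibleOs
        IsServerOs              = $isServer
        NetlogonGpoInUse        = $gpoInUse
        DnsAvoidRegisterRecords = $avoidSet
        HotfixInstalled         = $installed
        Advice                  = $advice
    }
}

Get-HotfixTriage | Format-List
```

The output is a record to attach to the Help Desk ticket for that one machine; it does not download or install anything.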



  • Saturday, October 13, 2012 4:02 PM
    Moderator
     
     

    why such important updates (necessary for proper functioning of DC and GPO's) should not be published into WSUS and update catalog ?

    Truly, this is the fallacy here, and exactly why it is a hotfix. The update is not necessary for the proper functioning of a Domain Controller (in fact, the hotfix is not even applicable to a DC unless it happens to be a Win2008R2SP1 system where a user is logging on  -- which I most certainly hope is NOT the case for a DC!, and even then only if a NETLOGON GPO is in use and applicable to that DC), nor is it necessary for the proper functioning of Group Policy, in general. It is designed to address a very specific performance issue observed in a very finite set of circumstances (user logon on a Win7SP1 system when a very specific GPO type is in use), and truly only if you, as a patch administrator, feel compelled to remediate the performance issues observed at logon by a Win7SP1 system user -- and only after an appropriate risk assessment of the possible implications of installing a minimally tested repair.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin