Server 2016 WSUS and Windows 10 1703 update issues

  • Question

  • Hi

    I had a 2012R2 WSUS server that did not want to work with Windows 10 updates after 1607, so I built a new one using 2016 datacentre.  All updates were authorised and downloaded but the update did not work; at this point I authorised "Feature Update to Windows 10 Pro, version 1703, en-gb, Retail". All is working fine except updates for Windows 10 version 1703.

    I asked it to roll out "Feature Update to Windows 10 Pro, version 1703, en-gb" thinking this was for OEM versions of clients, and all the clients reported back saying that the update was not for them (computers installed / not applicable).

    So I authorised the update "Feature Update to Windows 10 Pro, version 1703, en-gb, Retail" and half of my 100 computers list this update as required while the other half say that it's not for them (computers installed / not applicable).

    On those that have accepted this update, they download it fine from the WSUS server and then install it.  Within a few minutes the update fails and the error codes that come back are

    Event ID:20, Level Error, Windows failed to install the following update with error code 0x8024200D

    Event ID:20, Level Error, Windows failed to install the following update with error code 0xc1800118

    The WSUS server already has the MIME entry for .esd (application/vnd.ms-cab-compressed), so I changed this to .esd (application/octet-stream) and it has made no difference at all; it still fails.  All other updates work fine, just not this one.

    The other issue I have: as the update is for Retail, does this mean I will have issues with OEM keys on all the machines that get the update?

    Any help is appreciated as I am banging my head against a wall with this issue.

    Friday, September 15, 2017 10:11 AM
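
To see which of the error codes quoted above each failing client actually reports, the failures can be tallied from the event log. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the failures are logged as Event ID 20 by the Microsoft-Windows-WindowsUpdateClient provider in the System log.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Assumption: install failures are Event ID 20 from the
# Microsoft-Windows-WindowsUpdateClient provider in the System log.

function Get-UpdateFailureCode {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Message)
    process {
        # Capture the hex code and, when present, the update title after the colon.
        if ($Message -match 'error(?: code)? (0x[0-9a-f]{8})(?::\s*(.+))?') {
            [pscustomobject]@{
                ErrorCode = $Matches[1].ToLower()
                Update    = if ($Matches[2]) { $Matches[2].Trim() } else { '(title not in message)' }
            }
        }
    }
}

function Get-UpdateFailureSummary {
    param([string[]]$ComputerName = $env:COMPUTERNAME, [string[]]$SampleMessage)
    $messages = if ($SampleMessage) { $SampleMessage } else {
        $filter = @{ LogName = 'System'; Id = 20
                     ProviderName = 'Microsoft-Windows-WindowsUpdateClient' }
        foreach ($computer in $ComputerName) {
            try {
                Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
                    ForEach-Object { $_.Message }
            } catch {
                # Unreachable host or no matching events: report it and move on.
                Write-Warning "${computer}: $($_.Exception.Message)"
            }
        }
    }
    # One row per (error code, update) pair, most frequent first.
    @($messages) | Where-Object { $_ } | Get-UpdateFailureCode |
        Group-Object ErrorCode, Update | Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample messages (not real log output) using the codes quoted above.
$sample = @(
    'Installation Failure: Windows failed to install the following update with error 0x8024200D: Feature Update to Windows 10 Pro, version 1703, en-gb, Retail'
    'Installation Failure: Windows failed to install the following update with error 0xc1800118: Feature Update to Windows 10 Pro, version 1703, en-gb, Retail'
    'Windows failed to install the following update with error code 0x8024200D'
)
Get-UpdateFailureSummary -SampleMessage $sample
```

Pass `-ComputerName` with a list of client names instead of `-SampleMessage` to read the live logs; hosts that cannot be queried are reported as warnings rather than stopping the run.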

Answers

  • First, change the .esd back to what it was. Server 2016 already has that done properly.

    Second, set up and use my script to clean out WSUS of all the garbage that's clogging it up. Just because it's new, doesn't mean that it's optimized!

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to set up and use, so don't overthink it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.

    Third - Your en-GB Retail would be the correct one to approve as that would be upgrading OEM/Retail versions. Make sure your products/classifications have the appropriate products checked for Windows 10 (easiest is to check all that say Windows 10, then after everything's working, work your way backwards if you want to).

    Fourth - I doubt it very much, because it was more for 2012, but if you run .\Clean-WSUS.ps1 -DirtyDatabaseCheck my script will check to see if your database is dirty and if it is, it will fix it.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Proposed as answer by Yan Li_ Thursday, September 21, 2017 7:45 AM
    • Marked as answer by john tru Tuesday, January 30, 2018 11:25 AM
    Monday, September 18, 2017 2:31 AM

All replies

  • Hello,

    Just checking in to see if there is any update here. Have you tried the suggestions provided by Adam?

    Would you please help to mark the reply as answer if you found it helpful?

    Regards,

    Yan


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 28, 2017 8:10 AM