locked
Best practices for approving updates RRS feed

  • Question

  • Hello,

    I just got a mail from our ERP service provider that we should distribute the update KB4458469 for our Windows 10 (1803) computers.

    We are using a WSUS for distributing Windows updates which has been working well the last months.

    I have configured it so that it does not release updates automatically. I chose this way because I noticed that if you activated many products and classifications you would need a lot of disk space with automatic release of updates. That's why I connected to the server every Monday and released all necessary updates.

    The strange thing is that the update KB4458469 never appeared in the list of "not approved/erroneous or required". This is also the reason why I didn't release the update. Now I wonder if it makes sense to go this way at all, or is it better to release the updates automatically?

    Yours sincerely
    Andrew

    Thursday, September 27, 2018 9:48 AM

Answers

  • Hello, 
     
    After doing some test, I may find the reason for your issue.
     
    When I look for KB4458469 in my WSUS, i find that their name are started with "Dynamic ...", but when I review the updates catalog, I find updates whose name are started with "Cumulative..." and their metadata have not been synced to the WSUS, so you cannot find them in the list of "needed".
     
    You need import them to you WSUS manually and the appropriate clients will report that they need this update. Refer to following screenshot.
     

     
    Note that if your WSUS is on the server 2016, you need following this method to import the updates or there would be a mistake.
     
    Hope above answer could help you and look for your feedback.
     
    Best Regards,
    Ray
     

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Andreas_Fe Monday, October 1, 2018 9:58 AM
    Friday, September 28, 2018 5:44 AM
  • Hello Ray Jia,

    Thank you so much for your answer.

    If I understood that correctly, Microsoft has released the operating system build 17134.286 (September 17, 2018 - KB4464218) to WSUS. But not the operating system build 17134.320 (September 26, 2018 - KB4458469). Now you either have the possibility to distribute the Dynamic Cumulative Update (KB4458469) (but this does not appear in WSUS as a security update because it is optional). Or you can import the operating system build 17134.320 (September 26, 2018 - KB4458469) into WSUS and release it. Or even simpler: you wait until the first October operating system build and then release it.

    I have now decided to distribute the Dynamic Cumulative Update (KB4458469).

    Thank you very much for your help.

    Yours sincerely
    Andreas Fendt
    • Marked as answer by Andreas_Fe Monday, October 1, 2018 10:08 AM
    Monday, October 1, 2018 10:08 AM

All replies

  • These are C and D updates which are non-security updates and preview(ish)

    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, September 28, 2018 5:02 AM
  • Hello, 
     
    After doing some test, I may find the reason for your issue.
     
    When I look for KB4458469 in my WSUS, i find that their name are started with "Dynamic ...", but when I review the updates catalog, I find updates whose name are started with "Cumulative..." and their metadata have not been synced to the WSUS, so you cannot find them in the list of "needed".
     
    You need import them to you WSUS manually and the appropriate clients will report that they need this update. Refer to following screenshot.
     

     
    Note that if your WSUS is on the server 2016, you need following this method to import the updates or there would be a mistake.
     
    Hope above answer could help you and look for your feedback.
     
    Best Regards,
    Ray
     

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Andreas_Fe Monday, October 1, 2018 9:58 AM
    Friday, September 28, 2018 5:44 AM
  • Hello,
     
    I am reviewing old cases. Have your issue been solved or is there any update? Please feel free to feedback. 
     
    Best Regards, 
    Ray

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 1, 2018 1:40 AM
  • Hello Ray Jia,

    Thank you so much for your answer.

    If I understood that correctly, Microsoft has released the operating system build 17134.286 (September 17, 2018 - KB4464218) to WSUS. But not the operating system build 17134.320 (September 26, 2018 - KB4458469). Now you either have the possibility to distribute the Dynamic Cumulative Update (KB4458469) (but this does not appear in WSUS as a security update because it is optional). Or you can import the operating system build 17134.320 (September 26, 2018 - KB4458469) into WSUS and release it. Or even simpler: you wait until the first October operating system build and then release it.

    I have now decided to distribute the Dynamic Cumulative Update (KB4458469).

    Thank you very much for your help.

    Yours sincerely
    Andreas Fendt
    • Marked as answer by Andreas_Fe Monday, October 1, 2018 10:08 AM
    Monday, October 1, 2018 10:08 AM