locked
KB4056897 not applicable from WSUS RRS feed

  • Question

  • Hi guys,

    I have a customeer with several 2008R2 servers not receiving the recent spectre updates.

    WSUS 3.2.7600.256 running on VM on server 2008R2.

    can see WSUS has downloaded the correct update (KB4056897)

    its approved status in WSUS is set to install

    the reg key has been pushed out via GPO to all servers (checked multiple times the key is present and correct)

    the status report on the update in WSUS says not applicable to all 2008R2 servers in my environment.

    AV is webroot. (They have said the update is compatible)

    Have had WSUS do another sync just now as I heard there were revisions to the updates released last week. Still no good.

    When I check for updates via WSUS or online all of my 2008R2 member servers are not presented with the update.

    all servers are reporting back to WSUS server OK.

    The reg key I have deployed via GPO (which is present on all servers) is:

    computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\qualityCompat

    REG_DWORD

    value: cadca5fe-87d3-4b96-b7fb-a231484277cc

    data: 0x0000000

    Help!

    Thursday, January 18, 2018 12:09 AM

All replies

  • I'm having the same issue, I've installed this update on a few Windows Server 2008 R2 machines. Have Microsoft pulled the update?
    Thursday, January 18, 2018 5:04 PM
  • Hello,

    Can you manually install the update on your servers?

    What kind of processor do you use, AMD or Intel?

    Microsoft has received reports from some customers about AMD devices getting into an unbootable state after this update is installed. To avoid this issue, Microsoft will temporarily pause Windows system updates to devices that have affected AMD processors.

    Please refer to the link below for more details about this hotfix:

    https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 19, 2018 1:51 AM
  • The server was running on VMware, and the host sever CPU is Intel. Looks like the server in question never had SP1 which KB4056897 requires.
    Friday, January 19, 2018 9:55 AM
  • Have manually installed on a few servers with no issues.

    But I dont want to do this to all of the servers. I want to get it working via WSUS.

    Servers are VMware, hosts have intel chips.

    Servers have SP1.

    Monday, January 22, 2018 11:36 AM
  • Hello,

    As manually install works without issue, this mean something is wrong with the windows update agent. 

    I suggest you stop Windows update service and delete softwaredistribution folder, then start Windows Update service. 

    Regards,

    Yan 


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 31, 2018 9:26 AM
  • The standalone .MSU version of the update, does not check the same things as the version coming from MU/WSUS, because the admin has tested and knowingly deploys this update manually.

    If the update is not offered from WSUS, then you might have the following issue:

    "If you have not been offered the security update, you may be running
    incompatible antivirus software, and you should consult the software
    vendor."

    https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

    Hope this helps,

    Andrei


    We could change the world, if God would give us the source code.

    Wednesday, January 31, 2018 10:58 AM