none
Server 2012 R2 Reference Image Updates as Offline Packages? RRS feed

  • Question

  • Hello MDT Community,

    I was wondering if anyone has been able to successfully add windows updates as offline packages for Windows Server 2012 R2 OS reference images? I am trying to rebuild my reference images. From the latest 2012 R2 ISO, with WSUS for updates, each deployment takes 3 hours. I was hoping to shave off some time by including at least some updates as offline packages. I tried to add the latest Quality Rollup, .NET Rollup, and I.E. 11 rollup, but the deployment fails when any one or all of the packages are included.

    I was hoping someone has been through this before and found out which updates can be added with offline packages for Server 2012 R2. Does anyone have a list of KBs that work? I tried searching online for Building a Server 2012 R2 reference image, but I am not finding any tutorials which mention any KBs to use for offline packages.

    MDT Build 8450
    KB's I have tried: KB4103768, KB4099635, KB4093114

    Regards,
    dlofstedt


    Tuesday, May 8, 2018 10:57 PM

Answers

  • I literally just updated my 2012 R2 image. Here is the list I use for offline packages:

          
    KB2938066
    KB2989930
    KB3004365
    KB3008242
    KB3012235
    KB3012702
    KB3013172
    KB3013410
    KB3013531
    KB3013538
    KB3013769
    KB3013791
    KB3013816
    KB3015696
    KB3018133
    KB3019978
    KB3023266
    KB3024751
    KB3024755
    KB3027209
    KB3029603
    KB3030947
    KB3031044
    KB3033446
    KB3034348
    KB3035126
    KB3036612
    KB3037924
    KB3038002
    KB3042085
    KB3044374
    KB3044673
    KB3045634
    KB3045685
    KB3045717
    KB3045719
    KB3045755
    KB3045999
    KB3046017
    KB3046737
    KB3048043
    KB3054169
    KB3054203
    KB3054256
    KB3054464
    KB3055323
    KB3055343
    KB3055642
    KB3059317
    KB3060793
    KB3061512
    KB3063843
    KB3071756
    KB3075220
    KB3076949
    KB3077715
    KB3078405
    KB3078676
    KB3080042
    KB3080149
    KB3082089
    KB3084135
    KB3084905
    KB3086255
    KB3087041
    KB3087137
    KB3091297
    KB3094486
    KB3095701
    KB3096411
    KB3099834
    KB3100473
    KB3102429
    KB3103616
    KB3103696
    KB3103709
    KB3109103
    KB3109560
    KB3109976
    KB3110329
    KB3115224
    KB3121261
    KB3121461
    KB3123245
    KB3126434
    KB3126587
    KB3128650
    KB3133043
    KB3133690
    KB3134179
    KB3134812
    KB3134815
    KB3137728
    KB3138378
    KB3138602
    KB3138910
    KB3138962
    KB3139164
    KB3139398
    KB3139914
    KB3140219
    KB3140234
    KB3145432
    KB3146604
    KB3146723
    KB3146751
    KB3146978
    KB3147071
    KB3149157
    KB3155784
    KB3156059
    KB3159398
    KB3161949
    KB3162343
    KB3172729
    KB3173424
    KB3175024
    KB3178539
    KB3179574
    KB3185319
    KB4033369
    KB4033428
    KB4054519
    KB4054854
    KB4103725
    KB4103729

    Once the Os is installed I find you have to go back and run additional patches as Apps. I have a set of patches just for patching .NET since its not installed during the OS install. I also have another set that cover the monthly rollups. It seems like even when you install the monthly rollup as a package it still needs to be reinstalled later because something else is stomping on it. Havent figured out that that is though. Finally I have another set of patches that just covers misc. patches that seem to break the OS install phase so I install them as apps also.

    Hope that helps.

    Mike

    • Marked as answer by dlofstedt Monday, May 21, 2018 10:38 PM
    Thursday, May 10, 2018 1:58 PM

All replies

  • I did not have any issues myself, but more often than not I do tend to use Windows Update as offline servicing is fairly slow. To troubleshoot your issue, could you grab your BDD.log as well as your DISM.log and upload 'em to a public hosting site?

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Wednesday, May 9, 2018 11:47 AM
  • Hello Anton,

    Here is the BDD.log:

    https://pastebin.com/qGWNrsLw

    The failure happens after DISM applies the unattend settings and the VM reboots. It doesn't make it very far through the splash screen before it crashes. When I scour the filesystem for logs, including C:\Windows\Logs\, there is no DISM folder or log file anywhere I can see and I tried entering the full path at the command line.

    I was hoping someone that uses offline patches on server 2012 r2 deployments might have some insight as to which packages they found go through successfully before going down the rabbit hole of troubleshooting these specific failures.

    Regards,

    dlofstedt

    Wednesday, May 9, 2018 11:28 PM
  • I literally just updated my 2012 R2 image. Here is the list I use for offline packages:

          
    KB2938066
    KB2989930
    KB3004365
    KB3008242
    KB3012235
    KB3012702
    KB3013172
    KB3013410
    KB3013531
    KB3013538
    KB3013769
    KB3013791
    KB3013816
    KB3015696
    KB3018133
    KB3019978
    KB3023266
    KB3024751
    KB3024755
    KB3027209
    KB3029603
    KB3030947
    KB3031044
    KB3033446
    KB3034348
    KB3035126
    KB3036612
    KB3037924
    KB3038002
    KB3042085
    KB3044374
    KB3044673
    KB3045634
    KB3045685
    KB3045717
    KB3045719
    KB3045755
    KB3045999
    KB3046017
    KB3046737
    KB3048043
    KB3054169
    KB3054203
    KB3054256
    KB3054464
    KB3055323
    KB3055343
    KB3055642
    KB3059317
    KB3060793
    KB3061512
    KB3063843
    KB3071756
    KB3075220
    KB3076949
    KB3077715
    KB3078405
    KB3078676
    KB3080042
    KB3080149
    KB3082089
    KB3084135
    KB3084905
    KB3086255
    KB3087041
    KB3087137
    KB3091297
    KB3094486
    KB3095701
    KB3096411
    KB3099834
    KB3100473
    KB3102429
    KB3103616
    KB3103696
    KB3103709
    KB3109103
    KB3109560
    KB3109976
    KB3110329
    KB3115224
    KB3121261
    KB3121461
    KB3123245
    KB3126434
    KB3126587
    KB3128650
    KB3133043
    KB3133690
    KB3134179
    KB3134812
    KB3134815
    KB3137728
    KB3138378
    KB3138602
    KB3138910
    KB3138962
    KB3139164
    KB3139398
    KB3139914
    KB3140219
    KB3140234
    KB3145432
    KB3146604
    KB3146723
    KB3146751
    KB3146978
    KB3147071
    KB3149157
    KB3155784
    KB3156059
    KB3159398
    KB3161949
    KB3162343
    KB3172729
    KB3173424
    KB3175024
    KB3178539
    KB3179574
    KB3185319
    KB4033369
    KB4033428
    KB4054519
    KB4054854
    KB4103725
    KB4103729

    Once the Os is installed I find you have to go back and run additional patches as Apps. I have a set of patches just for patching .NET since its not installed during the OS install. I also have another set that cover the monthly rollups. It seems like even when you install the monthly rollup as a package it still needs to be reinstalled later because something else is stomping on it. Havent figured out that that is though. Finally I have another set of patches that just covers misc. patches that seem to break the OS install phase so I install them as apps also.

    Hope that helps.

    Mike

    • Marked as answer by dlofstedt Monday, May 21, 2018 10:38 PM
    Thursday, May 10, 2018 1:58 PM
  • Thanks Mike,

    I did end up going down the rabbit hole unfortunately. I found out I can inject the "Servicing Stack" update KB3173424 and it does not crash. If I add any other update, it crashes. I have not gone through them all one by one, but I have tried a few. I tried using your list as well and was able to find roughly 40 of them available from the WSUS offline updater, which I then imported into MDT and ran a test deployment. Same issue...After the patches are applied through unattend.xml and the server reboots, I get the following error:

    There is no DISM log at this point that I could find, since X: is not available only C:. There is no DISM folder under Windows\Logs. In the Panther folder for settup error log there is the following entry, which I don't know what it means:

    2018-05-11 19:50:26, Error                 CSI    00000008 (F) Could not find pending.xml identifier in registry.
    [gle=0x80004005]
    2018-05-11 19:50:26, Error                 CSI    00000009@2018/5/11:10:50:26.03 (F) base\wcp\componentstore\com\store.cpp(369): Store corruption detected in function `anonymous-namespace'::QueryPendingXmlIdentifier expression: 0
      RegistryCorruption on resource [50]"\Registry\Machine\COMPONENTS\\PendingXmlIdentifier"[gle=0x80004005]
    2018-05-11 19:50:26, Error                 CSI    0000000a (F) HRESULT_FROM_WIN32(14098) #131# from Windows::COM::CComponentStore_IAdvancedInstallerAwareStore::ResolvePendingTransactions(dwFlags = (DontFailIfPrimitivesPending|IndicatePrimitiveRollback), Progress = NULL, Phase = 0, Disposition = (unknown enumerant 0)[3]" | "0)[gle=0x80073712]
    2018-05-11 19:50:26, Error                 CBS    Startup: Failed to process advanced operation queue, startupPhase: 0. [HRESULT = 0x80073712 - ERROR_SXS_COMPONENT_STORE_CORRUPT]
    2018-05-11 19:50:26, Error      [0x030149] CMI    Callback_CBS_Do_OnlineInstall:Calling startup processing failed 0x80073712
    2018-05-11 19:50:27, Error      [0x030153] CMI    Callback_CMI_ConfigInstall: CBS startup processing re-run failed.

    At this point I have run out of time to troubleshoot the issue. I have decided to add a pause task sequence step to my deployments and manually run windows updates from the GUI. It would be nice to figure this out so it can be automated, but I have to get these reference images rebuilt to meet a project deadline.

    The most recent change in my environment was upgrading from MDT 8443 with an older ADK to MDT 8450 with the Windows 10 10.1.16299.15 ADK. All other OSs (Win 7, 2016, Win 10) so far deploy and update fine. Server 2012 R2 with WSUS updates only is sporadic. Sometimes it takes 3 hours with no errors, sometimes it takes 7.5 hours with so many errors it stops trying after 8 passes. It is almost as if it is installing the updates out of order and this order is different every time. I may start another forum post for that issue.

    Thanks for your help,

    Darren


    • Edited by dlofstedt Friday, May 11, 2018 9:06 PM Typo
    Friday, May 11, 2018 9:05 PM
  • I don't think your problem is with packages. Your task sequence is getting to the point where it has installed the OS and has rebooted. If it were a package issue you would most likely see a red failure message before it ever booted to the point in your picture. There should be logs to look at though. Check on the X: drive. Typically I find my logs at one of the following locations:

      • Logging done before the operating system is
        actually installed:
        • X:\MININT\SMSOSD\OSDLOGS  
      • Logging done after the hard disk has been formatted:
        • C:\MININT\SMSOSD\OSDLOGS
      • Logging after the operating system has been deployed:
        • %WINDIR%\TEMP\DeploymentLogs
    • SMSTS.LOG File:
      • C:\Users\Administrator\AppData\Local\Temp\SMSTSLog\
      • C:\Users\Administrator\AppData\Local\Temp\
    • DISM.LOG File:
      • During Windows PE Operating System installation:
        • X:\WINDOWS\LOGS\DISM
      • After the operating system has been installed:

      • C:\WINDOWS\LOGS\DISM

    I think you have something else going on. Perhaps a driver issue? As an aside, you don't need to put in a pause to run WSUS updates. There is a script in MDT for that purpose. Use a run command line task with the following command line: cscript.exe "%SCRIPTROOT%\ZTIWindowsUpdate.wsf".

    Good luck,

    Mike

    Wednesday, May 16, 2018 12:48 PM
  • Hey Mike,

    Yes, normally I have seen package failures cause the DISM apply step to fail, before the OS reboots. This is a strange case where it actually does finish and reboots, but the error above is received. As I mentioned in that state, there is no X drive, and there is no C:\Windows\Logs\DISM folder. I don't think it's a driver issue because when I remove the packages, the deployment proceeds just fine, plus I don't have many drivers in my reference image as it is just a generic VM. 

    Also, maybe I was not very clear in my description of the problem, but my issue seems to be with the ZTIWindows update script itself and Server 2012 R2. When I let MDT in combination with WSUS handle the updates, they are installed in a different order each time, some times taking 7+ hours after which it gives up trying after 8 failed passes.

    To rule out WSUS, I added the pause step to the task sequence and manually ran updates using the GUI. That took 3 hours, but it worked consistently across all my Sever 2012 R2 reference images.

    I have a hunch that it may be something with my particular setup as I have not found anyone else complaining except for one person on a forum post somewhere that I have not been able to find again...

    Anyway, my reference images are updated so I will mark this issue as resolved. I asked for a list of packages for Server 2012 R2 that are known working, and I go that. So I will mark that post as the answer.

    Thanks for the help everyone,

    Darren

    Monday, May 21, 2018 10:38 PM