none
KB3172614 not applicable, but prerequisites are there

    Question

  • I've found that my WSUS server has been reporting recent builds of Windows Server 2012 R2 as needing four superseded updates: KB3016074, KB3058168, KB3071663, KB3139162.  These are all superseded by KB3172614, but this is never "applicable" for installation.

    I downloaded KB3172614 from Microsoft Update Catalog and it is also "not applicable". 

    Typically, after first building Server 2012 R2 I manually install KB2929442 and KB2919355, and then the updates that come with it. 

    That being completed, the system will connect to WSUS and get all of the (140) other updates approved for Server 2012 so far.

    I see that the page for KB3172614 wants you to install a servicing stack update, KB 3021910,  Some of the other threads about this update also recommend 3921910.  However, one of the updates installed via WSUS is KB3713424 which supersedes it.  All of my server 2012 systems have the latter update, and KB3021910 is also listed as "not applicable" for all of them.

    So as far as I can tell, the systems that need  KB3172614 already have all of the prerequisites for it. 

    The older builds installed KB3172614 with no problem.  I suspect that one of the companion updates to KB2919355, or KB2929442, should be dropped from the manual install sequence or replaced with a newer one. But I can't tell which one.


    Wednesday, June 13, 2018 5:31 PM

All replies

  • What is the current patch level? After the servicing stack updates and rollups they moved to cumulative update model, so if any of these have been applied then all of the older stuff is superseded.

    https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, June 13, 2018 6:33 PM
  • These installations have both of the 2018-05 updates (and a new one in a test group has the 2018-06 updates), if that's what you're asking.   But there are still older updates reported as "needed" by the operating systems, including the four superseded ones.

    I started this from an older version of the Windows Server 2012 ISO (ending in X19-05182).  Without KB2929442 and KB2919355, the installed OS won't even connect to the WSUS server. 

    However, a previous question of mine indicated that a newer version of the Server 2012 ISO already had KB2919355 installed on it, so I downloaded the latest one (ending in X19-82891). After installation, a Get-Hotfix confirmed that KB2919355 is installed by the media. 

    Unfortunately, Windows Update shows no updates available although the WSUS Console, once the computer reports in, shows 352 updates "needed".   So I'm guessing it needs a servicing stack update manually installed.  I tried KB3713424  but that didn't fix the problem.



    Wednesday, June 13, 2018 7:37 PM
  •  But there are still older updates reported as "needed" by the operating systems, including the four superseded ones.

    2012 or 2012 R2? Do you have a screenshot of this?

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, June 13, 2018 7:39 PM
  • Server 2012 R2.   Here is the relevant report page from WSUS; the pertinent updates are circled in red, at the bottom of the image:

    Notice that this is based on the older X19-05182 ISO with the manual WU initialization procedure as described in the original post.
    Wednesday, June 13, 2018 7:52 PM
  • That's more likely an issue with WSUS definitions being incorrect or out-of-date. For WSUS issues I'd ask for help over here.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverwsus

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, June 13, 2018 8:30 PM
  • No, because the Microsoft Update Catalog shows that KB3172614 supersedes the same updates.
    Wednesday, June 13, 2018 8:33 PM
  • Since you have cumulative update 6-2018 installed there's no question the older servicing stack / rollup stuff is superseded. Another way to verify is to look at the File Information list in KB and compare the system files version versus the KB list. If the system versions are higher, then "not applicable" is expected behavior.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, June 13, 2018 8:39 PM
  • OK, so here's the relevant file information for KB3016074:

    File name File version File size Date Time Platform
    Sppobjs-spp-plugin-manifest-signed.xrm-ms Not applicable 11,157 19-Jan-2015 00:08 Not applicable
    Sppobjs.dll 6.3.9600.17635 1,487,976 19-Jan-2015 18:42 x64

    And here's a screenshot from the server:

    Wednesday, June 13, 2018 8:54 PM
  • Here's what I have a fully patched 2012 R2 domain controller in \system32 directory

     

    I do show that KB3172614 was installed at some point (Get-HotFix | sort installedon)

     Not sure how it missed (may have been some glitch in the older patching model)  but more than likely now many other files in same KB are higher versions so reporting "not applicable" There's probably not much to do about it but stand up a new one. I think it's a software protection service DLL so may not be a big deal either.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, June 13, 2018 9:20 PM
  • > There's probably not much to do about it but stand up a new one.

    But you see, that's the entirety of the problem. That's exactly what I'm trying to do:  Develop a fully-patched Windows Server 2012 R2 system starting from volume media provided by Microsoft, to use as a template for standing up new servers.

    The immediate problem of getting KB2919355 is solved by using the latest ISO from the Volume Licensing Service Center (I used X19-82891): It's got KB2919355 baked in, as is shown by running Get-HotFix imemdiately after installation. 

    The problem comes with the 150+ updates that are reported as "needed" after that.   I've tried several different times, and I've lost confidence in the Automatic Updates client to correctly detect and schedule updates. 

    I don't think WSUS has anything to do with it:  The Automatic Updates client does all of the applicability testing, and is the only reasonable place to expect updates will be scheduled correctly.  However, I will try letting the Automatic Updates client detect and download updates directly from Microsoft Update next. 

    Also, evidence seems to indicate that the new cumulative patching model isn't as comprehensive as it first sounds. 

    One of the things I tried was removing all approvals for Server 2012 updates except the most recent cumulative ones (5 or 6 updates).  The system installed those, but then it wanted 100+ more updates, just for WIndows Server 2012. Some of these "needed" updates were superseded by a later update, but the later update was "not applicable" (I guess because of the file information).

    At the end, I think I'm going to have to ask a new question about whether there is a well-known, canonical. mimimal schedule of updates for Windows Server 2012 R2 to get it to a good "fully-patched" state.

    Sunday, June 24, 2018 3:20 PM
  • ask a new question about whether there is a well-known, canonical. mimimal schedule of updates for Windows Server 2012 R2 to get it to a good "fully-patched" state.

    What's always worked for me is to stand up the new one, then connected to internet letting windows update automatically download / install all that are needed.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Sunday, June 24, 2018 3:53 PM
  • I've tried this, and it only gives an illusion of completeness.   From a brand new Server 2012 R2 installation from media, Microsoft Update offers 143 updates for install.  Then I join it to the domain (which applies the group policy that connects it to the WSUS server) and WSUS offers 8 more.  And then, when you look at the WSUS server, there are dozens of non-superseded updates for Server 2012 R2 (E.g. KB4284878) that are "not applicable"  they're "installed" on all the old Server 2012 machines that have been continuously updated, but "not applicable" on machines just created from media).   And the new OS still "needs" updates that the "non applicable" updates supersede.
    Friday, July 06, 2018 8:24 PM
  • It may vary depending on the image you started with. Bottom line is to look at the File Information list in the KB in question and compare the system files version versus the KB list. If the system versions are higher, then "not applicable" is expected behavior.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, July 06, 2018 8:36 PM