locked
After successfully updating all PCs on the network to 1607 with WSUS, no new updates from WSUS will install RRS feed

  • Question

  • I know a lot of people are having trouble pushing 1607 out with WSUS but we are actually seeing problems with WSUS integration after the upgrade to 1607.


    We pushed the 1607 update with WSUS in our office and across two small sites. One has 20 PC's and the other has 70.

    The initial automatic upgrade to 1607 went okay from the WSUS server once we did the following:

    -Have WSUS running on a Windows Server 2012 R2 server

    -with the kb3159706 and kb3095113 patches installed

    -ran the C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing command. (We are using HTTP not HTTPS to distribute the WSUS URL in a GPO so didn't need the other manual SSL config changes).

    -added the extension .esd type application/octet-stream to the WSUS IIS site

    -check the "Upgrades" radio option in the WSUS classifications

    -Approved the Retail version of 1607.


    So far so good, the following day all the PC's were on 1607.

    However, now we have noticed a problem since the upgrade -

    1. These fresh 1607 PC's are seeing new patches applicable to 1607 from the WSUS but all the PC's are sitting there stuck on Downloading 0%.

    2. WSUS is also reporting that 1607 is still needed on all PC's with the status of "downloaded", even though 1607 has installed on all of them from WSUS.

    Perhaps 1607 needs HTTPS for the WSUS URL in the GPO now?

    Is anyone else seeing this problem post 1607 upgrade?



    Thursday, September 1, 2016 4:07 PM

Answers

  • Known issue with 1607 being unable to download cumulative updates from WSUS.

    See this thread.

    https://social.technet.microsoft.com/Forums/office/en-US/5521e7f1-fa2d-4867-a47c-b276c66e6a82/windows-10-anniversary-update-1607?forum=winserverwsus


    Eric S.

    • Marked as answer by technet usr Thursday, September 1, 2016 10:55 PM
    Thursday, September 1, 2016 10:00 PM
  • Yes same issue to resolve it I manually downloaded the 2 offending patches that are getting stuck and installed them. A bit of faff but it worked.

    On a more serious note I don't like that fact that if windows update has an issue with an update then no new updates will EVER be downloaded and installed until you fix the offending ones. This is not great really but I guess it is because newer updates might rely on the updates previously.

    But for some average joe person on their home computer this would be quite bad as they might never realise that they haven't updated for months because one is stuck. Maybe Windows should send a warning via the desktop after a couple of months saying there is an issue.


    Thursday, September 1, 2016 9:08 PM
  • Hi Anne,

    As a workaround we changed the GPO to disable the "specify windows update server" so the updates were downloaded off the internet from Microsoft. (ie. disable WSUS completely)

    The problem here was the fact that there were 60 PC's all downloading a 400MB CU over a 8Mbps line on a Monday morning..

    It will be interesting to see if it's possible to fix WSUS integration post 1607 upgrade without any manual steps as you describe. If not, the best option would be to skip 1607 and wait a few months for the next Redstone 2 release.

    Tuesday, September 6, 2016 5:56 PM

All replies

  • Any errors in the WindowsUpdate.log?
    Thursday, September 1, 2016 4:47 PM
  • Hi Pagey,

    The WindowsUpdate.log is no longer easily available in windows 10.

    The updates that the PC's are trying to install from WSUS are

    Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3176938)

    and

    Update for Windows 10 Version 1607 for x64-based Systems (KB3176936)

    I've read on another thread here from an office MS rep:

    "2. Clients have upgraded to 1607 using Anniversary Update, but cannot get Cumulative Updates

    This is a bug in the Windows client that will be fixed in an upcoming cumulative update.  In the meantime, clients may experience some delay in getting the monthly content, but they will eventually download it.  The workaround here is to simply wait longer than usual, or to scan directly against Windows Update if you've waited several days and haven't seen any download success in that time."

    Looks like a known bug?

    I also read in the same thread that if you manually install these KB's it breaks the log in profile...

    Thursday, September 1, 2016 5:58 PM
  • Yes same issue to resolve it I manually downloaded the 2 offending patches that are getting stuck and installed them. A bit of faff but it worked.

    On a more serious note I don't like that fact that if windows update has an issue with an update then no new updates will EVER be downloaded and installed until you fix the offending ones. This is not great really but I guess it is because newer updates might rely on the updates previously.

    But for some average joe person on their home computer this would be quite bad as they might never realise that they haven't updated for months because one is stuck. Maybe Windows should send a warning via the desktop after a couple of months saying there is an issue.


    Thursday, September 1, 2016 9:08 PM
  • Known issue with 1607 being unable to download cumulative updates from WSUS.

    See this thread.

    https://social.technet.microsoft.com/Forums/office/en-US/5521e7f1-fa2d-4867-a47c-b276c66e6a82/windows-10-anniversary-update-1607?forum=winserverwsus


    Eric S.

    • Marked as answer by technet usr Thursday, September 1, 2016 10:55 PM
    Thursday, September 1, 2016 10:00 PM
  • thanks all. What a mess this is...

    Definitely will not be rolling out 1607 to any other networks for a couple of months!

    Thursday, September 1, 2016 10:55 PM
  • Hi TechNet usr,

    On the one hand, you may upgrade your computers to 1607 when the upgrade is more stable;

    On the other hand, as for your issue that 1607 computers do not install the cumulative updates, you may try if the following method could work:

    1. Reset the computer;

    2. Enable the windows update service is "starting";

    3. Clear SoftwareDistribution folder;

    4. Turn on windows defender;

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, September 6, 2016 8:13 AM
  • Hi Anne,

    As a workaround we changed the GPO to disable the "specify windows update server" so the updates were downloaded off the internet from Microsoft. (ie. disable WSUS completely)

    The problem here was the fact that there were 60 PC's all downloading a 400MB CU over a 8Mbps line on a Monday morning..

    It will be interesting to see if it's possible to fix WSUS integration post 1607 upgrade without any manual steps as you describe. If not, the best option would be to skip 1607 and wait a few months for the next Redstone 2 release.

    Tuesday, September 6, 2016 5:56 PM