locked
WSUS misses updates RRS feed

  • Question

  • This has been a recent event and occurring more often. We manage windows updates using WSUS and automatic updates. Also, I have a custom script I will run that checks for any pending updates. Our automatic updates occur on Sundays and I run my script on Monday or Tuesday. When I run my script against all of the hosts it shows no updates pending. Reporting looks like this:

    [4:22:10 PM] - Checking local WU settings...
    [4:22:10 PM] - Windows update agent is scheduled to run on every day at 3:00 AM
    [4:22:10 PM] - Update Server: <WSUS URL>
    [4:22:10 PM] - Target Group: CORP
    [4:22:10 PM] - WUA mode Updates are downloaded automatically, and users are prompted to install.
    [4:22:10 PM] - Instantiating Searcher
    [4:22:50 PM] - This computer does not have any pending reboots (Pre-check).
    [4:22:50 PM] - WUA mode: detect
    [4:22:50 PM] - WU Server: <WSUS URL>
    [4:22:50 PM] - Searching for missing or updates not yet applied...
    [4:22:50 PM] - There are no further updates needed for your PC at this time.
    [4:22:50 PM] - Windows Update VB Script finished

    At this point I think everything is good. Now the next Sunday some servers will reboot outside of their maintenance window and WSUS shows that they installed a couple of pending updates. I use the same script to manually install updates as well. The same script run against a machine that did not auto update suddenly says.

    [9:23:30 AM] - Script action is set to: detect
    [9:23:30 AM] - Verbose/Silent mode is set to: Silent
    [9:23:30 AM] - Restart action is set to: Do nothing (only if action is pending)
    [9:23:30 AM] - Checking local WU settings...
    [9:23:30 AM] - Windows update agent is scheduled to run on every day at 3:00 AM
    [9:23:30 AM] - Update Server: <WSUS URL>
    [9:23:30 AM] - Target Group: CORP
    [9:23:30 AM] - WUA mode Updates are downloaded automatically, and users are prompted to install.
    [9:23:30 AM] - Instantiating Searcher
    [9:24:11 AM] - This computer does not have any pending reboots (Pre-check).
    [9:24:11 AM] - WUA mode: detect
    [9:24:11 AM] - WU Server: <WSUS URL>
    [9:24:11 AM] - Searching for missing or updates not yet applied...
    [9:24:11 AM] - Missing: Update for Windows Server 2012 (KB2822241), Category ID: e6cf1350-c01b-414d-a61f-263d14d133b4
    [9:24:11 AM] - Missing: Security Update for Windows Server 2012 (KB2993651), Category ID: a105a108-7c9b-4518-bbbe-73f0fe30012b
    [9:24:11 AM] - An error has occured while instantiating search results. Error -2145124345 - . Check the C:\Windows\windowsupdate.log file for further information.
    [9:24:11 AM] - ********** Cataloging updates **********
    [9:24:11 AM] - Cataloged: Update for Windows Server 2012 (KB2822241)
    [9:24:11 AM] - Cataloged: Security Update for Windows Server 2012 (KB2993651)
    [9:24:11 AM] - Cataloged: Update for Windows Server 2012 (KB2975331)
    [9:24:11 AM] - This PC requires updates from the configured Update Server (<WSUS URL>).
    [9:24:11 AM] - Windows Update Agent has finished detecting needed updates.
    [9:24:11 AM] - Windows Update VB Script finished

    This happens despite no new updates being approved over that week. Also the updates that are pending are older and should have been installed long ago. KB2993651 seems to be involved in these incidents.

    Any insights into what would cause a multiple day delay in reporting pending updates?



    Success is a lousy teacher. It seduces smart people into thinking they can't lose. -Bill Gates

    Monday, November 2, 2015 6:39 PM

All replies

  • Hi,

    If we don't use this script, does this issue still occur? If we check the updates by using the default GUI, is there any error?

    >>Now the next Sunday some servers will reboot outside of their maintenance window and WSUS shows that they installed a couple of pending updates.

    According to the log, WUA mode Updates are downloaded automatically, and users are prompted to install. If the installation is performed by human, why do these servers reboot unexpectedly?

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, November 3, 2015 7:32 AM
  • Hi Steven,

    The server in the example is one that I update manually because it is a high priority DB server. I only used its report as an example because the other servers all applied their updates automatically at the specified time this Sunday.

    The GUI behaves the same way. It will say that all updates have been installed when checking after a reboot. It will display green and does not show errors in the update history.

    Regards,

    Rich


    Success is a lousy teacher. It seduces smart people into thinking they can't lose. -Bill Gates

    Tuesday, November 3, 2015 6:57 PM
  • Hi Rich,

    I've been having a very similar problem. Yesterday I patched a dozen servers manually from our WSUS servers. I waited an hour for WSUS to update and all servers are sitting at 100% with no patches required.

    I come in the next day, and two of those servers have dropped to 99%, requiring three patches now. This isn't the first time this has happened.

    One patch that I keep seeing over and over when this occurs is KB2822241, and I see that your logs have flagged that script also.

    Just wondering if you found a solution to this? I was thinking of rejecting the 2822241 patch as it seems to be the culprit here.

    Wayne


    Wayne Donaldson

    Thursday, December 3, 2015 11:14 AM
  • Hi Wayne,

    I still have not found a fix for the issue. It happened again recently though it seems to be related to a different update this time. The skipped up dates do install for me on the second run.  I'll update this thread if I figure anything out or if I see a re-occurance after updates this weekend.

    Rich


    Success is a lousy teacher. It seduces smart people into thinking they can't lose. -Bill Gates

    Thursday, December 3, 2015 11:49 PM
  • This happened again in our production environment and it is related to the exact same 3 updates KB2993651,  KB2822241 and KB2975331. I can only conclude that it is something related to these 3 updates in particular.

    Success is a lousy teacher. It seduces smart people into thinking they can't lose. -Bill Gates

    Monday, January 4, 2016 2:05 AM
  • Hi Rich,

    Any update on this? We've just encountered the same issue again, and it's these three patches:

    kb2975331
    kb2992611
    kb2993651

    Two out of three patches match yours. Did you ever get a solution for this?


    Wayne Donaldson

    Wednesday, May 4, 2016 1:22 PM
  • I never did get a definitive answer. The only conclusion I have come to is that the hosts requiring those particular patches require some other patch to be installed first. Those patches do succeed on a second install. I just wish it would notify me during our maintenance window when I check for updates and not days later.

    Success is a lousy teacher. It seduces smart people into thinking they can't lose. -Bill Gates

    Wednesday, May 4, 2016 10:29 PM