WSUS and Win10 1709 - Forcing reboot during active hrs

  • Question

  • I have a Windows Server 2016 which has the WSUS role.

    When I put my Win10 machines on the WSUS and approve the 1709 update, the machines bring down the update and then schedule the reboot for 11:00AM.

    I have re-created this issue on 3 computers.

    Overall, before checking for updates/running the 1709 update, I verified active hrs were set to 8am-5pm.

    Anyone have any idea why Windows/WSUS is forcing this reboot inside of active hrs?


    • Edited by vs2017sv Friday, December 1, 2017 4:49 PM
    Friday, December 1, 2017 4:48 PM

Answers

  • Hi,

    Have you configured "Dead Line" for that 1709 upgrade?

    If yes, please remove the Deadline configuration in update approval.

     

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by vs2017sv Thursday, December 28, 2017 4:38 PM
    Wednesday, December 6, 2017 3:09 AM

All replies

  • Although active hours are set up as a range, are you sure that the GPO or Registry is telling it to ACTUALLY USE the active hours? The registry entry for this is SetActiveHours=1 (HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate)

    https://docs.microsoft.com/en-us/windows/deployment/update/waas-restart


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT


    • Edited by AJTek.caMVP Saturday, December 2, 2017 3:50 AM
    Saturday, December 2, 2017 3:49 AM
  • I do not have that key in place.

    I do have those active hrs built into my images though.

    Do you see any issue with me adding this as a key that gets placed on all OSes (Win7-10), or should I limit it to just Windows 10?

    HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
    SetActiveHours=1 

    Please advise.

    Thanks

    Monday, December 4, 2017 7:35 PM
  • Only Windows 10 systems (1607 and higher) and Server 2016 that look for this key will honour the key - older systems will ignore the key, so it's fine to put it on all systems.

    I have it in my policies that apply to even Server 2012 and 2012R2 systems.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Monday, December 4, 2017 10:44 PM
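
An added example, not code from any poster in this thread: a read-only PowerShell audit of the policy key discussed above, reporting whether `SetActiveHours` is enforced and whether the 11:00 AM reboot hour from the question falls inside the effective window. The value names `ActiveHoursStart`/`ActiveHoursEnd` and the `UX\Settings` fallback key are assumptions that do not appear in the thread.

```powershell
# Added example (not from the thread): read-only audit of Active Hours settings.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
# Assumption: location where the Settings app stores user-chosen active hours.
$UxKey     = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-HourInWindow {
    param([int]$Hour, [int]$Start, [int]$End)
    # Active hours may wrap past midnight (for example 22 -> 6).
    if ($Start -le $End) { return ($Hour -ge $Start -and $Hour -lt $End) }
    return ($Hour -ge $Start -or $Hour -lt $End)
}

function Get-ActiveHoursAudit {
    param([int]$RebootHour = 11)   # the 11:00 AM reboot reported in the thread
    $enforced = (Get-RegValue $PolicyKey 'SetActiveHours') -eq 1
    # The policy range is read only when SetActiveHours=1; otherwise fall back
    # to the per-machine values (assumed value names, not shown on the page).
    $source = if ($enforced) { $PolicyKey } else { $UxKey }
    $start  = Get-RegValue $source 'ActiveHoursStart'
    $end    = Get-RegValue $source 'ActiveHoursEnd'
    $valid  = ($null -ne $start) -and ($null -ne $end) -and
              ($start -in 0..23) -and ($end -in 0..23)
    [pscustomobject]@{
        PolicyEnforced         = $enforced
        Source                 = $source
        ActiveHoursStart       = $start
        ActiveHoursEnd         = $end
        RangeValid             = $valid
        RebootHourInsideWindow = if ($valid) { Test-HourInWindow $RebootHour $start $end } else { $false }
        # Value seen changing in the procmon capture posted in this thread.
        RestartNotifyOff       = (Get-RegValue $PolicyKey 'SetAutoRestartNotificationDisable') -eq 1
    }
}

Get-ActiveHoursAudit | Format-List
```
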
  • Hi,

    Have you tried to configure local GPO entry "Turn off auto-restart for updates during active hours":

    1. type command "gpedit"

    2. local computer policy --> computer configuration --> administrative templates --> windows components --> windows update

    In addition, what is the build number of your 1709? (I tested several times in my lab Win10 1709, the issue didn't occur.)

    Best Regards,

    Elton



    Tuesday, December 5, 2017 5:22 AM
  • I am not using AD/GP.

    Trying to accomplish this via reg keys.

    When I make the GP change and watch procmon, I see the following keys change.

    18:35.9 svchost.exe 5256 RegSetValue HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetAutoRestartNotificationDisable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:35.9 svchost.exe 5256 RegSetValue HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\UseBandwidthOptimization SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:35.9 svchost.exe 5256 RegSetValue HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\OptimizeBandwidth SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    18:35.9 svchost.exe 5256 RegSetValue HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:35.9 svchost.exe 5256 RegSetValue HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicitedFullControl SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:35.9 svchost.exe 5256 RegSetValue HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit\admin SUCCESS Type: REG_SZ, Length: 18, Data: ccsadmin

    Tuesday, December 5, 2017 2:20 PM
  • So I set the following reg key and tested on another machine. This machine once again wants to apply the update at 11am.

    Any help is greatly appreciated!


    Tuesday, December 5, 2017 5:05 PM