none
MDT 2013 : WUMU_ExcludeID inside Rules doesn't work RRS feed

  • Question

  • Environment: Windows Server 2008R2 + MDT 2013 + Windows 8.1

    I'm using the WUMU_ExcludeKB and WUMU_ExcludeID in my rules.

    WUMU_ExcludeKB seems to work pretty well but I have difficulties with WUMU_ExcludeID. Maybe I'm not using the good ID, for instance in the Microsoft Catalog I would like to exclude this update:
    http://catalog.update.microsoft.com/v7/site/ScopedViewInline.aspx?updateid=a1855a75-0737-47e3-8480-51256daa4d72

    So I have: 

    ;Lenovo Other hardware software update released in November, 2012
    WUMU_ExcludeID1=a1855a75-0737-47e3-8480-51256daa4d72

    Is there something wrong?

    Thursday, November 7, 2013 10:17 AM

All replies

  • Use the GUID from the ZTIWindowsUpdate.log file. It will list the GUID for all updates it tries to install.

    If you are unsure, you can run:

    cscript.exe \\server\deploymentshare$\Scripts\ZTIWindowsUpdate.wsf /query

    this will show you all the updates that *would* be applied, without actually running them.


    Keith Garner - keithga.wordpress.com

    Friday, November 8, 2013 7:23 AM
    Moderator
  • Hi Keith,

    Thanks for reply.

    I can't find ZTIWindowsUpdate.log anywhere.

    When I run cscript.exe \\server\deploymentshare$\Scripts\ZTIWindowsUpdate.wsf /query I get this output:

    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    Property query is now = 
    Microsoft Deployment Toolkit version: 6.2.5019.0
    Begin Windows Update. Reboot=[]  Retry=[]  Count = 1
    Property MSIT_WU_Count is now = 2
    Configuring Windows Update settings (manual update, use server)
    ZTI ERROR - Unhandled error returned by ZTIWindowsUpdate: Invalid root in registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer". (-2147024891  0x80070005)
    Friday, November 8, 2013 9:24 AM
  • That's a different problem. What is in this registry key? What happens if you add/remove it?

    Keith Garner - keithga.wordpress.com

    Friday, November 8, 2013 7:57 PM
    Moderator
  • Hi Keith,

    In the registry key, there is no ID {blablabla}, just "Power Management Driver".

    If I remove it, the Windows update step will install it again.

    What I should do is a script that will be launch just after the last Windows update step with uninstall parameters.

    What do you think?

    Monday, November 11, 2013 9:20 AM
  • Are you running ZTIWindowsUpdate.wsf elevated?

    Keith Garner - keithga.wordpress.com

    Monday, November 11, 2013 5:30 PM
    Moderator
  • Windows Update runs under local administrator context during the deployment.
    Tuesday, November 12, 2013 7:01 AM
  • You are jumping back and forth between two different problems here.

    I asked if you were running ZTIWindowsUpdate elevated. Obviously ZTIWindowsUpdate runs elevated when running within the task sequence, *HOWEVER* the error you experienced above with the registry key, was run while running ZTIWindowsUpdate *Manually*. So to rephrase my question: did you run ZTIWindowsUpdate.wsf elevated, while running manually?


    Keith Garner - keithga.wordpress.com

    Tuesday, November 12, 2013 7:33 PM
    Moderator
  • Hi Keith,

    I get this log:

    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    Property query is now = 
    Microsoft Deployment Toolkit version: 6.2.5019.0
    Begin Windows Update. Reboot=[]  Retry=[]  Count = 0
    Property MSIT_WU_Count is now = 1
    Configuring Windows Update settings (manual update, use server)
    Windows Update Agent verion 8 found, OK to continue
    Ready to Opt-In to Microsoft Update: WUA Version: 7.9.9600.16403
    Registered Update Service: 7971f918-a847-4430-9279-4a52d1efe18d   Microsoft Update
    Registered Update Service: 117cab2d-82b1-4b5a-a08c-4d62dbee7782   Windows Store
    Registered Update Service: 9482f4b4-e343-43b6-b170-9a65bc822c77   Windows Update
    Microsoft Update Service:  Enabled = True
    Command Line Procesed Query=True Registered=False  UpdateCommand=[IsInstalled = 0 and IsHidden = 0 and Type = 'Software']
    Start Search...
    Scan complete, ready to install updates. Count = 0
    This computer is up to date (Success)
    Property MSIT_WU_Count is now = 
    Restore NoAutoUpdateKey to <empty>.
    ZTIWindowsUpdate processing completed successfully.
    Unable to create WebService class

    Not sure where I'm supposed to find my update?

    Friday, November 15, 2013 1:35 PM
  • Ha!

    In this latest case, your machine is up to date, and there were *no* updates to install.

    YOu may need to revert back to an un-patched image and test again.

    Sorry.


    Keith Garner - keithga.wordpress.com

    Sunday, November 17, 2013 10:18 PM
    Moderator
  • Hi Keith,

    I have a similar issue to the gentleman above, in that when running the script it tells me that no updates are required. However I know for a fact that this is not the case, because if I run the MS Baseline security analyzer, it lists many entries that are required.

    I'm running the script on a Windows xp client, not as a SCCM task sequence.

    Do I need to specify a WSUSServer property at all?

    If not, is this simply that the client cannot talk to the update server to confirm if there are any patches required? If so, I would have expected a different error message.

    Here's the output txt :

    C:\>cscript.exe C:\wsus\ZTIWindowsUpdate.wsf
    Microsoft (R) Windows Script Host Version 5.7
    Copyright (C) Microsoft Corporation. All rights reserved.

    Microsoft Deployment Toolkit version: 5.1.1642.01
    Begin Windows Update. Reboot=[]  Retry=[]  Count = 0
    Property MSIT_WU_Count is now = 1
    Configuring Windows Update settings (manual update, use server)
    Windows Update Agent verion 6 found, OK to continue
    Ready to Opt-In to Microsoft Update: WUA Version: 7.4.7600.226
    Registered Update Service: 9482f4b4-e343-43b6-b170-9a65bc822c77   Windows Update
    Registered Update Service: 7971f918-a847-4430-9279-4a52d1efe18d   Microsoft Update
    Registered Update Service: 3da21691-e39d-4da6-8a4b-b43877bcb1b7   Windows Server Update Service
    Registered Update Service: b00fd24f-7b65-4f42-bfdc-9b5b3794cf7a   SMS_WUA_Service
    Microsoft Update Service:  Enabled = True
    Command Line Procesed Query=False Registered=True  UpdateCommand=[IsInstalled = 0 and IsHidden = 0]
    Start Search...
    Scan complete, ready to install updates. Count = 0
    This computer is up to date (Success)
    Property MSIT_WU_Count is now =
    Restore NoAutoUpdateKey to 1
    ZTIWindowsUpdate processing completed successfully.

    All help appreciated :)

    Monday, November 18, 2013 4:45 PM