Need a list of updates not available in WSUS...

  • Question

  • I have a boss that is requesting a list of updates that are not available in WSUS or the MS Update Catalog.  He wants to ensure that updates not present in those applications are still presented by another means; so that, he can decide if he wants to apply them to our servers that may benefit from the update.  This came up because SQL Server 2008 R2 service pack 2 & 3 are not available in WSUS; as a result, he wants to know how many other updates are not available in WSUS.

    I initially posted this to the incorrect community.

    Sincerely

    Gerald
    Tuesday, June 10, 2014 3:00 PM

Answers

  • Certainly as far as WSUS is concerned I don't think there's any way to do that. WSUS only has knowledge about those updates that have been released and made available to it for distribution, so there's no way for it to know about those updates which for one reason or another it's been decided won't be made available through that method of deployment.

    Generally speaking the only updates that are affected by this kind of situation are large updates which make a significant impact on the server, and as such need planning and attention when being installed (rather than being installed in an unattended fashion), so for instance some service packs for things like SQL and Exchange, cumulative updates for Exchange etc.

    The decision for making an update available via Microsoft Update, and by extension via WSUS is made by the relevant product group for the individual server software, so is outside of the control of the WSUS team.

    There's a bit of a discussion of the issue here http://social.technet.microsoft.com/Forums/windowsserver/en-US/bd9ecccf-d659-4ea7-b366-7e826e678780/sql-2008-r2-sp2-release-to-wsus?forum=winserverwsus and other places online, but I guess the upshot is that those updates not available via WSUS should probably be considered those that also need additional care and testing before installing.

    • Marked as answer by Daniel JiSun Tuesday, June 17, 2014 9:07 AM
    Tuesday, June 10, 2014 8:30 PM
  • I have a boss that is requesting a list of updates that are not available in WSUS or the MS Update Catalog.

    The only way to obtain such a list would be to comb through all of the entries in KB894199 (and its child documents), and manually enumerate those that were NOT released to WSUS or the catalog. Even then, not everything will even be enumerated in that list. To your point about SQL Server -- those service packs won't even appear in KB894199 because they were not published to any patch management service maintained by Microsoft.

    He wants to ensure that updates not present in those applications are still presented by another means; so that, he can decide if he wants to apply them to our servers that may benefit from the update.

    There's a pretty practical reason why an update is not published to WSUS ... and that would be because the update should NOT be mass applied to all the systems in the enterprise. Yes, there are some updates not available via WSUS that may be needed throughout an enterprise. We know there's a prerequisite for IE10 on Windows 7 that has to be imported from the catalog, and KB2734608 was intentionally NOT published to WSUS or the catalog because of the manual procedures required to install the update.

    because SQL Server 2008 R2 service pack 2 & 3 are not available in WSUS

    SQL Server service packs have not been available via WSUS for a very long time. But this is more a function of the application administrator being aware of what is required to maintain the application. Similar issues impact Exchange Server. Most SharePoint updates are not available via WSUS because of the manual procedures required to patch SharePoint.

    as a result, he wants to know how many other updates are not available in WSUS.

    I would suggest the better methodology to approach this is by individual applications, not by the comprehensive collection of updates published to WSUS over the past ten years.

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by Daniel JiSun Tuesday, June 17, 2014 9:07 AM
    Friday, June 13, 2014 7:17 PM
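
The per-application approach suggested in the second answer can be turned into a coverage check: keep a watch list of KB articles for each application and ask WSUS which of them it knows about, so that the rest are tracked and installed by hand. This is an added example, not part of either answer; the function name `Test-WsusKbCoverage`, the watch-list layout and the placeholder KB number are assumptions, and it expects to run where the `UpdateServices` module is installed (the WSUS server or a host with the WSUS admin tools).

```powershell
#Requires -Modules UpdateServices

function Test-WsusKbCoverage {
    [CmdletBinding()]
    param(
        # Watch list: application name -> KB article numbers to track.
        [Parameter(Mandatory)] [hashtable] $WatchList,
        # IUpdateServer object, e.g. the result of Get-WsusServer.
        [Parameter(Mandatory)] $WsusServer
    )
    foreach ($app in $WatchList.Keys) {
        foreach ($kb in $WatchList[$app]) {
            $number = $kb -replace '^KB', ''
            # SearchUpdates is a text search over title, description and KB
            # articles, so confirm each hit against the update's KB article list.
            $hits = @($WsusServer.SearchUpdates($number) |
                Where-Object { $_.KnowledgebaseArticles -contains $number })
            [pscustomobject]@{
                Application = $app
                KB          = "KB$number"
                InWsus      = $hits.Count -gt 0
                Approved    = [bool]($hits | Where-Object IsApproved)
                Titles      = ($hits.Title | Select-Object -Unique) -join '; '
            }
        }
    }
}

# Constructed watch list. KB2734608 is the update named in the thread;
# KB0000000 is a placeholder, not a real article number.
$watch = @{
    'Manual-install (from thread)' = @('KB2734608')
    'SQL Server (placeholder)'     = @('KB0000000')
}

# Entries WSUS has no record of are the ones that need a manual process.
Test-WsusKbCoverage -WatchList $watch -WsusServer (Get-WsusServer) |
    Where-Object { -not $_.InWsus } |
    Format-Table Application, KB
```

The check only reports on KB numbers placed in the watch list; it cannot discover updates that WSUS was never told about, which is the limitation both answers describe.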
