locked
Updates problems RRS feed

  • Question

  • For short we use WSUS under System Centre Essentials to deploy updates and software. Untill now i have not succeeded to deploy updates or Software successfully in one time. Everytime there are different errors on different clients. But i have downloaded for one machine all updates and put it on a dvd. With updateinstaller.exe when i install all updates for the Windows 7 systems then the updates and/or software packages deployed with SCE successfully.

    So which errors the updates show every time when updating completely the clients with that dvd all goes well. Conclusion: there are several updates missing on the clients which are needed to install other things like IE10 / several other updates etc.

    The problem is that i cannot update every client with the DVD therefore i have WSUS i believe. Problem with WSUS or system centre that there are so many updates i don't know which one to select. Select them all is very time consuming and filtering in System Centre Essentials for lets say Windows 7 is also giving many other updates like flash etc etc and for WIndows 8 which i don't need.

    Maybe someone got a idea how to find out which updates are nessesairy? I have looked in the Windowsupdate.log and run baseline security but there are so many updates there....

    Another thing which i came across: On everal clients there where updates waiting, goiing to windows update and looked at important updates there was a update which was released 2 weeks ago. The quiestion here is why is it not installed automatically?
    I have a policy run for all machines to download automatically updates and install on schedule. The update schedule start at a dspecific time. Could it be that the users are cancelling something? They do not get a message because the gpo setting is download and schedule install...? Some other updates are installed automaticcally..


    freddie

    Wednesday, July 30, 2014 11:24 AM

Answers

  • For short we use WSUS under System Centre Essentials to deploy updates and software. Untill now i have not succeeded to deploy updates or Software successfully in one time. Everytime there are different errors on different clients.

    But i have downloaded for one machine all updates and put it on a dvd. With updateinstaller.exe when i install all updates for the Windows 7 systems then the updates and/or software packages deployed with SCE successfully.

    So which errors the updates show every time when updating completely the clients with that dvd all goes well. Conclusion: there are several updates missing on the clients which are needed to install other things like IE10 / several other updates etc.

    This is a reasonable conclusion. It's why the standard patch methodology for a new (or never patched) system is to:

    1. Install the latest service pack.
    2. Install Security and Critical Updates in chronological order of release (usually one quarter at a time is sufficient).
    3. Install .NET Framework updates in chronological order.
    4. Install any other non-security/non-critical updates in chronological order.

    The key in all of this is what you note: That some updates have prerequisites and you cannot force their installation if it's not time, and installing updates in chronological order significantly reduces this complication.

    Problem with WSUS or system centre that there are so many updates i don't know which one to select.

    And this is the fundamental task of a patch administrator -- which updates to deploy?

    To get more insight on this question (rather than me writing yet another 1000 word essay that I've already written several times in this forum)... I would suggest you invest a half-day in reviewing the significant conversations in this forum, as well as reading the WSUS Product Documentation in TechNet, and then if you have specific questions about how to achieve an objective or perform a task, we can help you in this forum.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Proposed as answer by antwesor Wednesday, July 30, 2014 4:40 PM
    • Marked as answer by Daniel JiSun Wednesday, August 6, 2014 6:16 AM
    Wednesday, July 30, 2014 3:23 PM

All replies

  • First make sure that, Client are pointing to WSUS server,

    Cross verify in Group policies, http://technet.microsoft.com/en-us/library/cc708574(v=ws.10).aspx 

    Registry settings : http://technet.microsoft.com/en-us/library/cc708545(v=ws.10).aspx


    Regards,
    Manjunath Sullad

    Wednesday, July 30, 2014 12:50 PM
  • For short we use WSUS under System Centre Essentials to deploy updates and software. Untill now i have not succeeded to deploy updates or Software successfully in one time. Everytime there are different errors on different clients.

    But i have downloaded for one machine all updates and put it on a dvd. With updateinstaller.exe when i install all updates for the Windows 7 systems then the updates and/or software packages deployed with SCE successfully.

    So which errors the updates show every time when updating completely the clients with that dvd all goes well. Conclusion: there are several updates missing on the clients which are needed to install other things like IE10 / several other updates etc.

    This is a reasonable conclusion. It's why the standard patch methodology for a new (or never patched) system is to:

    1. Install the latest service pack.
    2. Install Security and Critical Updates in chronological order of release (usually one quarter at a time is sufficient).
    3. Install .NET Framework updates in chronological order.
    4. Install any other non-security/non-critical updates in chronological order.

    The key in all of this is what you note: That some updates have prerequisites and you cannot force their installation if it's not time, and installing updates in chronological order significantly reduces this complication.

    Problem with WSUS or system centre that there are so many updates i don't know which one to select.

    And this is the fundamental task of a patch administrator -- which updates to deploy?

    To get more insight on this question (rather than me writing yet another 1000 word essay that I've already written several times in this forum)... I would suggest you invest a half-day in reviewing the significant conversations in this forum, as well as reading the WSUS Product Documentation in TechNet, and then if you have specific questions about how to achieve an objective or perform a task, we can help you in this forum.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Proposed as answer by antwesor Wednesday, July 30, 2014 4:40 PM
    • Marked as answer by Daniel JiSun Wednesday, August 6, 2014 6:16 AM
    Wednesday, July 30, 2014 3:23 PM