locked
Attempting to deploy Windows 10 build 1607 over WSUS, clients say they're up to date RRS feed

  • Question

  • I have a strange issue and I'll do my best to explain it. I really hope somebody has a solution.

    Yesterday the Windows 10 Anniversary update build 1607 appared on WSUS. I've been testing the build and making adjustments with the domain to make sure it works correctly. After enough testing I wanted to roll out the update earlier today.

    For the november 1511 update I already took the steps to allow the Windows 10 Upgrades to show up in WSUS (Windows Server 2012 R2) and installed the correct hotfix and manually setup the IIS server to allow the downloading and decrypting of esd files. This worked flawlessly even though it took some time to get working.

    The Windows 10 update downloaded without a problem after approving them. It takes up about 28GB for the Dutch and English version. Professional and Enterprise. I was able to do the upgrade on a test PC that was running Windows 10 1511 Professional without any problems, but all other computers in the network say they're up-to-date and do not detect the upgrade at all.

    On another PC running Windows 10 Professional and three running Windows 10 Enterprise (all running the previous November update) the update simply does not appear at all. The event logs are useless since they simply say that there are no updates available.

    I never enabled any policies or settings to defer upgrades and there is no DisableUpgrade registry entry or other stuff enabled that should prevent them from happening. I'm really confused but also found out that some non-domain members don't get the update. I should be able to force this by using WSUS though!

    Any ideas?

    Wednesday, August 17, 2016 6:42 PM

Answers

  • In my case, problem was in  group policy setting: Windows components - Store - Turn off the offer to update to the latest version of Windows.
    Thursday, September 1, 2016 5:19 AM
  • Hooray! That was the solution.

    It's confusing that this policy has that effect, because it didn't affect the detection and installation of the november update of Windows 10. It seems like a bug as the Windows 10 feature updates are delivered by Windows Uppdate and not by the store. This policy was in place to avoid people upgrading Windows 8 to 8.1 manually.

    The correct policy to avoid Windows 10 upgrades was HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableOSUpgrade=1 and I've checked to make sure that was not being used in the network.

    Thursday, September 1, 2016 1:35 PM

All replies

  • I am in the same exact boat, 1607 update appears to download to WSUS server properly, and all clients appear to be reporting properly, but all say no updates available.

    I've installed KB 3095113 and deleted/redownloaded the 1607 update, installed KB3159706 and did the post-installation steps, added the .esd file type to IIS MIME type, nothing seems to help

    I'm quickly running out of ideas - no clue as to why clients don't think they need this update.

    Wednesday, August 17, 2016 7:22 PM
  • can you check some clients to see if (somehow) this registry setting exists?

    To block the upgrade to Windows 10 through Windows Update, specify the following registry value:

    Subkey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    DWORD value: DisableOSUpgrade = 1

    https://support.microsoft.com/en-au/kb/3080351


    Don [doesn't work for MSFT, and they're probably glad about that ;]


    • Edited by DonPick Wednesday, August 17, 2016 9:30 PM
    Wednesday, August 17, 2016 9:29 PM
  • I already mentiond that I checked this and it's definitely not the case. It's really strange...

    Wednesday, August 17, 2016 10:52 PM
  • Hi Ricardo Brouwers,

    >but all other computers in the network say they're up-to-date and do not detect the upgrade at all.

    Do these clients report to the WSUS server as they needing the upgrade?

    I can detect the upgrade in my lab:

    Besides, also check if the clients can detect the upgrade from Internet.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, August 18, 2016 9:02 AM
  • Hello Anne,

    They don't. Both the clients and server say that they're up-to-date. When I look at the Feature update inside the WSUS console it says it's installed/non applicable. Ignore the Windows Defender definitions those were installed right before looking at the report.


    Searching online for updates also fails to detect anything. But I don't know for sure if that may be by design as Microsoft seems to prefer to roll it out in phases.

    Thanks.

    Thursday, August 18, 2016 10:20 AM
  • I already mentiond that I checked this and it's definitely not the case. It's really strange...

    Yes, sorry, my earlier response was directed at ggg8888ssss :(

    @Ricardo, your scenario sounds like the client is not detecting the upgrade as applicable. This *could* be due to a missing pre-requisite, or perhaps the upgrade appraiser (assuming the appraiser is used in this scenario) has not returned a "ready for upgrade" result.

    Given that the WindowsUpdate.log is not as useful on Win10 as it was on earlier platforms, I don't have a good suggestion, but if you can use the powershell cmdlet to create a WindowsUpdate.log file that *may* reveal something of use?

    https://blogs.technet.microsoft.com/charlesa_us/2015/08/06/windows-10-windowsupdate-log-and-how-to-view-it-with-powershell-or-tracefmt-exe/


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Thursday, August 18, 2016 9:00 PM
  • Hi Ricardo Brouwers,

    What about the report here:

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, August 19, 2016 2:01 AM
  • Thanks for your reply.

    It also says right here that there are no clients needing the update.

    Friday, August 19, 2016 6:54 PM
  • No problem.

    I've tried your suggestion and the log file does not show anything except that there are 0 updates available :(
    Friday, August 19, 2016 7:06 PM
  • I'm with you on this issue.  I am running into the same problem.

    Searching on the web about this issue provides no real answers, besides the unhelpful "Have you looked at KB3159706."


    Eric S.

    Friday, August 19, 2016 10:30 PM
  • I'm having the exact same issue,

    No problem with upgrading RTM version to 1511,

    But windows 10 ver. 1511 is shown as not applicable for 1607 feature upgrade.

    Update KB3159706 is already installed on WSUS server...

    Anyone knows what's going on?


    Sunday, August 21, 2016 2:14 PM
  • Hi Ricardo Brouwers,

    I am trying to involve someone familiar with this topic to further look at this issue.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, August 22, 2016 3:07 AM
  • I am having the same issue in my environment.  KB3159706 is installed.  Win7 and Win8 machines are reporting they need the 1607 but no Win10 machines show they need it.

    Tuesday, August 23, 2016 1:51 PM
  • I have  same issue on one of my networks too.

    Strange thing that one group of PCs, which have default settings for delivery optimization, report  to WSUS that it needs 1607 upgrade. Another group of PCs with delivery optimization set by group policy to None, report to WSUS that upgrade 1607 is not applicable.


    • Edited by Frankas Tuesday, August 23, 2016 3:39 PM
    Tuesday, August 23, 2016 3:38 PM
  • Hi guys,

    Are you sync the upgrade prior to installing KB 3095113 and KB3159706? If the updates were synced prior to the KB being installed on the WSUS servers, please delete the updates from WSUS using instructions here:https://blogs.technet.microsoft.com/sus/2016/01/29/how-to-delete-upgrades-in-wsus/Once the updates are deleted, run another sync and then try again.

    The updates being synced before the KB was installed would cause some data loss in the SUSDB that would lead to the client being unable to get the decryption key from WSUS at the time of installation and thus causing a decryption failure for the update on the client side.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Thursday, August 25, 2016 7:39 AM
  • Those two patches were installed months ago (with manual steps) due to some of the patches not getting to my Windows 8.1 machines.

    However, I did try the delete upgrade in WSUS before I opened this thread. No impact it still doesn't work.


    Eric S.

    Thursday, August 25, 2016 3:26 PM
  • Hi Eric Suger,

    All right, We'll keep researching.

    At the same time, it's recommended to open a case with MS, so that this issue can get more in-depth investigation.

    https://support.microsoft.com/en-us/gp/support-options-for-business

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Friday, August 26, 2016 9:48 AM
  • A few days ago I got a mail saying that the Anniversary updates got re-released. By the time I checked the WSUS server they were already downloaded.

    Unfortunately this did not fix the problem and by now I've already manually upgraded the few machines that were most important. But I really hope that a long term fix will be available in the near future.

    Monday, August 29, 2016 3:05 PM
  • Hi Ricardo Brouwers,

    >by now I've already manually upgraded the few machines that were most important.

    Anyway, this is an workaround.

    We'll keep eyes on this issue, if there are any news, I'll feed back as soon as possible.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 30, 2016 5:45 AM
  • In my case, problem was in  group policy setting: Windows components - Store - Turn off the offer to update to the latest version of Windows.
    Thursday, September 1, 2016 5:19 AM
  • Hooray! That was the solution.

    It's confusing that this policy has that effect, because it didn't affect the detection and installation of the november update of Windows 10. It seems like a bug as the Windows 10 feature updates are delivered by Windows Uppdate and not by the store. This policy was in place to avoid people upgrading Windows 8 to 8.1 manually.

    The correct policy to avoid Windows 10 upgrades was HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableOSUpgrade=1 and I've checked to make sure that was not being used in the network.

    Thursday, September 1, 2016 1:35 PM
  • I also had to change this Policy to Not Enabled.

    Computer Configuration/Administrative Templates/Windows Components/Windows Update/Defer Upgrade

    Now the machines are starting to show they need the 1607 update.

    Funny thing about that policy, for me it says that entry doesn't do anything if you are pointing to an internal WSUS server. 

    Thursday, September 1, 2016 2:04 PM
  • I checked this and made sure it was not configured or enabled and we don't have it set to ignore the latest version of Windows. I'm glad it is working for some people but it is not the case in my environment.
    Thursday, September 1, 2016 2:51 PM
  • I set "Windows components - Store - Turn off the offer to update to the latest version of Windows" to disabled in my domain GPO.   Local group policy had no affect.

    After setting this GPO, I followed these steps:

    1. Rebooted the Windows 10 1511 machines.

    2. Ran "GPUPDATE /FORCE"

    3. RAN "WUAUCLT /DETECTNOW /REPORTNOW".

    Afterwards within WSUS Console it showed the Windows 1607 for Enterprise en-us as applicable.


    Eric S.

    Thursday, September 1, 2016 3:32 PM