none
WSUS problem, all Windows 10 1703 Updates not applicable to all Workstations RRS feed

  • Question

  • All Windows 10 Updates showing as not applicable to all windows 10 (1703) workstations?

    All workstations have reported in to WSUS and are installing the Office 2016 updates with no problems.

    Windows 10 1703 build currently 15063.632, it is a corporate build deployed by MDT/WDS mid January.

    WSUS 6.3.9600.18838 has been rebuilt to pick up the Windows 10 Updates (which it can now do).

    Products Ticked in WSUS: 3 x Windows 10 Creators Updates which didn't pickup any Windows 10 Updates so also ticked Windows 10.

    Classifications Ticked: Critical Updates, Security Updates, Definition Updates, Update Rollups and Updates.

    We are showing hundreds of windows 10 updates of all versions and manually approve the 1703x64 updates only to a WSUS Test Group.

    All workstations show all windows 10 updates as not applicable.

    The workstations in the test group have had the software distribution folder renamed as suggested in other posts but still all updates not applicable, is there any definitive instructions from Microsoft regards WSUS 6.3 and Windows 10 1703 updates I can check out, or anyone point me to a specific blog for WSUS on 2012R2 server and Windows 10 1703.

    -------------------------

    Updated information: We have now built a new 2016 WSUS, only selected the windows 10 products and classifications as above.

    The test machines are attached but show the same problem, all workstations are showing as 100% updated all updates listed as not applicable.

    ------------------------

    Might have it sorted will update this page after systems have had a chance over the weekend to catch up.

    With thanks

    Steve



    • Edited by sml7748 Friday, March 9, 2018 1:23 PM
    Thursday, March 1, 2018 9:54 AM

Answers

  • 99% sure I've sorted it, Currently getting machines to check in and update.

    We had 2 Group Policies that I believe were causing the problem.

    Original WSUS policy when checked had an entry at the bottom for Extra Registry Setting HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DisableOSUpgrade

    A Second Policy with Extra Registry Setting was found in a Workstation High Security Policy.HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade

    Once the WSUS policy was recreated from scratch the Extra Registry setting disappeared.

    The Security Policy was Disabled temporarily to allow the workstations to check in, we will re-created the policy to see if it cures the Extra Registry Setting.

    One more point is the original WSUS 2012R2 server also has Workstations checking in for Windows 10 Updates so we will remove the 2016 server and re-direct all workstations to the original 2012R2 server at the end of the week. 

    • Marked as answer by sml7748 Tuesday, March 13, 2018 8:53 AM
    Tuesday, March 13, 2018 8:53 AM

All replies

  • Hi,

    I've got exactly the same problem. All my Windows 10 computers are in version 1703, and impossible to update to release 1709, all computers are "up to date" in windows update console :(

    In my WSUS console, KBs for 1709 release are in state "Installed/Not applicable".

    My WSUS run with Windows Server 2016.

    If you find a solution, please post it.

    Thanks

    Flo

    Friday, March 9, 2018 2:26 PM
  • 99% sure I've sorted it, Currently getting machines to check in and update.

    We had 2 Group Policies that I believe were causing the problem.

    Original WSUS policy when checked had an entry at the bottom for Extra Registry Setting HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DisableOSUpgrade

    A Second Policy with Extra Registry Setting was found in a Workstation High Security Policy.HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade

    Once the WSUS policy was recreated from scratch the Extra Registry setting disappeared.

    The Security Policy was Disabled temporarily to allow the workstations to check in, we will re-created the policy to see if it cures the Extra Registry Setting.

    One more point is the original WSUS 2012R2 server also has Workstations checking in for Windows 10 Updates so we will remove the 2016 server and re-direct all workstations to the original 2012R2 server at the end of the week. 

    • Marked as answer by sml7748 Tuesday, March 13, 2018 8:53 AM
    Tuesday, March 13, 2018 8:53 AM
  • We have similar issue in our organisation. WSUS 2012R2 not working correctly with all Windows 10 (1709,1703,1607 etc.) workstations. Clients reports to WSUS that all updates are not applicable/installed, though for example latests CU is not installed. Despite that, latests CU (Cumulative Update for example) is not approved in WSUS, clients connect to Windows Update online servers and install this update bypassing WSUS. Such a way when about 200 PCs try downloading updates from WU our Internet connection is completly exhaused. Windows 7 and 8.1 clients working flawless on the same GPO settings. 
    Tuesday, March 13, 2018 9:02 PM
  • Hi Nynor

    Did you add the .esd/vnd.ms-cab-compressed entry to the iis site on the 2012R2 WSUS server, there is several blogs which I found detailing how to do it.

    Hope its helpful.

    Steve

    Wednesday, March 14, 2018 1:08 PM
  • Steve

    I only add .esd (application/octet-stream) as MIME type in IIS

    We managed to resolve issue with WSUS and Win10. Maybe this solution can help other people bothering with the same problem. Finally turned out that GPO related to defer feature upgrade ie. Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > Select when Feature Updates are received caused problem. When we set Not configured this GPO everything begin works perfectly

    Wednesday, March 14, 2018 1:23 PM
  • Good to hear its working again, 

    I think Microsoft have been Missing the point of their own product, WSUS and Windows 10 for larger organisations.

    I wasted over a week on this.

    Steve

    Wednesday, March 14, 2018 1:32 PM
  • I waste over month to find solution... finally I effort "trial and error" method and bingo, it's start working.

    I hate Windows 10 for forcible imposition everything, new control panel, huge blotware apps out of the box, feature updates every half year, etc. This is maybe good OS for home users but in large organisation this is nightmare for admins. OMG It's seems that now Pro version is for home users and you must purchase Enterprise edition because MS blocked almost everything when u try tune your environment or disable inconvenient things using GPO



    • Edited by nynor Wednesday, March 14, 2018 1:45 PM
    Wednesday, March 14, 2018 1:42 PM