Microsoft has officially acknowledged two bugs in Tuesday’s KB 4034658, the August cumulative update for Windows 10 Anniversary Update (version 1607) and Server 2016, which brings both up to build 14393.1539. Now I’m seeing reports of two additional bugs that warrant your attention.
Microsoft describes the first bug this way:
For some users, their “Update History” does not list previously installed updates.
Someusers? Meh. As far as I know, everyone who installs KB 4034658 has their Update History wiped clean.
Microsoft provides this workaround:
As an alternative, to see which quality updates have been applied, navigate to the inventory by going to Control Panel -> Programs -> “View Installed Updates”
Note: If the Configure Automatic Updates policy is disabled, then this policy is not applicable. These are the two most important policies for WSUS Server. If you encounter a problem when setting it up initially, then take a look at these policies first. The update has already been downloaded and installed, but the client computer has not contacted the WSUS server since the update was installed. The update has already been downloaded and installed, but the client computer must be restarted before changes go into effect. For this post, we will be looking into how to use SCCM to add Microsoft Update Catalog into WSUS Server. Have you ever ran into a software update that wasn’t available in WSUS. All your KBs should get installed via WSUS. Once more, a big thank you to reader Dave for the idea. Benoit Lecours.
Microsoft is investigating this issue and will provide an update as soon as possible.
Updates Installed Not Applicable Wsus Server 2016
I won’t hold my breath.
@abbodi86 on the AskWoody Lounge has an explanation for what happened. On July 18, Microsoft released a massive manual-download-only patch called KB 4025334. Part of that patch included a new Windows Update Agent that requires a refreshed Windows Update database. Instead of rebuilding your Windows Update database as part of the installation procedure, KB 4025334 simply wipes it out. You start with an empty Windows Update database.
KB 4034658, being a cumulative update, includes the changes in the earlier KB 4025334. Few people installed the July 18 patch, but everybody who isn't blocking Auto Update got KB 4034658. Apparently this database wipe-out wasn’t caught until it got pushed out to a wider audience on Tuesday.
+ Related: Windows 10 1607 cumulative update KB 4034658 wipes out Update History +
Abbodi86 goes on to explain that the old Control Panel still has the list of updates because it relies on a database of actual installed updates, which is maintained separately from the Windows Update database.
Microsoft’s official acknowledgement goes on to say:
Some users may find that updates that were previously hidden may not be offered after installing this update.
There’s that “some users” stuff again. Infuriating. Every Windows 10 1607/Server 2016 customer who installed this month’s cumulative update got their hidden update list knocked out. @MrBrian believes the hidden updates bug is a result of this patch-deleting datastore.edb.
Deleting the hidden updates list is a big deal for people who, like @NetDef, had the Creators Update/1703 upgrade held at bay by hiding the update. It’s also a real pain for anyone who’s protecting a specific driver by telling Windows to skip its buggy version. The only workaround offered by Microsoft is to go back in and hide the patches you don’t want.
But wait, there are 2 more unofficial bugs
Those are the two officially acknowledged bugs. (A hat tip to the folks at MS who posted this information quickly!) But I’m seeing reports of two more bugs.
The patch, at least when applied to the Long Term Servicing Channel (LTSC) 2016, seems to break the connection to the Update server WSUS. From an anonymous poster on AskWoody:
We are using in our company W10 LTSB2016 (1607) and are facing the same problem wiping out the update history. But we have second problem. All clients that got the update KB 4034658 via WSUS not only loose their update history, they also loose the connection to the WSUS-Server. Looking for update will time out with 0x8024401c. All clients that have KB 4034658 not yet installed connect with no problems to the WSUS server. Thanks goodness that we rollout client updates only to small number of clients to see what Microsoft put into present box.
This may be an apparition of the bug reported with KB 4025336, where per Günter Born, the July cumulative update for Server 2012 and 2012 R2 blocks the connection to WSUS.
And from poster CADesertRat:
It also wiped out all but my 2 most recent Restore Points for some reason.
Can you corroborate either or both of those reports? Sound off on the AskWoody Lounge.
Posted byUpdate 28/04/2018: - You can actually use DISM to force install KB3159706 and avoid all the uninstall nonsense. First extract .msu file and then install it using elevated CMD prompt. Credit to terencedurning
CD into extracted folder and run DISM on the .cab file
Do the same for KB3095113
Run post servicing:
Clean up database, follow both links - 1607 version and 1703 version. Use this idea to also fix 1709 if required.
Done? Great, now on your clients you need to stop windows update service, delete SoftwareDistribution folder and restart update service again. Feel free to use my PowerShell script for that, it's great for fixing most general Windows update issues and should work for all Windows operating systems including servers. Script will also prompt UAC so you can just run it normally from right click menu.
In the Add Roles and Features Wizard, add HTTP Activation under Features > .NET Framework 4.5 Features > WCF Services - more in [this article](https://kb.stonegroup.co.uk/windows-server-update-services-(wsus)-not-working-after-may-2016-windows-update_620.html)
If you are fixing replica WSUS, you might have to run cleanup PowerShell and SQL queries on main server, sync, do a cleanup on replica, re-apply updates on main and sync clean updates on replica.
Solution (old): - credit to greensysadmin below
Please back up your server before uninstalling any updates! I already lost VM to this fix, did not have checkpoint and below are steps required even for fresh OS/WSUS installs, but not documented anywhere. Looks like there is a problem with 706 and 113 recognizing KB2919355 so they fail to install. Reinstalling this prerequisite solves the problem.
Uninstall KB2883200
Uninstall KB2894029
Uninstall KB2894179
uninstall KB2919355
Reboot
Reinstall KB2919355
Install KB3159706 from catalog
Install KB3095113
Follow KB3159706 To enable ESD
Add a MIME-Type for ‘.esd application/octet-stream’ in IIS
Error 0xc1800118 fix: Your database is 'dirty' aka you applied fixes after downloading upgrades, you will need to disable upgrades, delete files, re-enable them and re-synchronize again
How to tell if database is dirty? Install SQL manager (SSMS) Run this query on SUSDB, if it returns 0, your DB is clean:
**ORIGINAL POST **
Hi guys
Problem 1: I've deployed 4 WSUS servers over WAN in our environment, one master and 3 replicas back when Windows 10 came out, it was a fresh install and worked great... until 1607 came out ofc. After spending many hours 6 months ago, I somehow got it to work on master, but I can't remember what exactly I did. So while trying to retrace all steps online, I seem to be stuck at not being able to update replicas with these Windows updates:
KB3159706
KB3095113
Without them, all machines are giving errors such as 0x80240031 and 0xc1800118 (and few more) which means there is decryption problem. At first these errors were instant because databases on all replicas are bad. As a last resort I 'fixed' one of the databases, but server is still missing KB3159706 patch. This allowed clients to actually initiate downloads of 1607 and 1703, but they fail with the same errors few minutes later during installation process.
The error I get when I try to install these WSUS updates are - 'Update is not applicable'. I have all required prerequisite updates installed, btw.
Windows Update Not Applicable Your Computer
I am literary out of ideas, options and nerves. Any insight with this would be appreciated.
P.S. Yes, I have configured .ESD stream-octet in apppool and yes, database is fixed and comes back with no errors.
Wsus Clients Not Downloading Updates
Should I try to delete all upgrades on master and all replicas and retry downloading them? This will disrupt updates in all offices though.
Also Problem 2: With 1703 update (which also came with database issues that I remember fixing), none of the clients automatically download updates anymore, we have to initiate them manually from each client (click 'Retry'), often have to delete SoftwareDistribution folder for updates to work again.
Wsus Updates Not Installing Automatically
Should I just Reinstall OS+WSUS on all 4 servers? That'll take me a weekend to do on all sites...