Contents tagged with WSUS

  • WSUS fix for update detection issues for clients with Office 2003 SP1

    Posted by bink on July 10 2008, 3:04 PM. Posted in Office, WSUS.

    Consider the following situation. You use Microsoft Windows Server Update Services (WSUS) 3.0 to deploy software updates and hotfixes to computers that are in your organization. However, some computers do not receive updates from the WSUS server. This problem occurs if the computers have Microsoft Office 2003 or components of Office 2003 installed. Note This problem affects Microsoft Windows Server Update Services 3.0 and Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1). However, in some circumstances, the following products may also be affected:

    Windows Small Business Server 2003 (Windows SBS) that has had the WSUS component upgraded from WSUS 2 to WSUS 3
    System Center Essentials 2007
    System Center Configuration Manager 2007
    See the advisory for more information. When this problem occurs, a message that resembles the following is logged in the Automatic Updates log file (%windir%\WindowsUpdate.log) on the affected computer:

    Date Time 788 ee4 PT +++++++++++ PT: Synchronizing server updates +++++++++++Date Time 788 ee4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://WSUS Server/ClientWebService/client.asmxDate Time 788 ee4 PT WARNING: SyncUpdates failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200Date Time 788 ee4 PT WARNING: SOAP Fault: 0x000190Date Time 788 ee4 PT WARNING: faultstring:Fault occurredDate Time 788 ee4 PT WARNING: ErrorCode:InternalServerError(5)Date Time 788 ee4 PT WARNING: Message:(null)Date Time 788 ee4 PT WARNING: Method:""Date Time 788 ee4 PT WARNING: ID:c0a7445f-b989-43fa-ac20-11f8ca65fa8c

    This message is logged during the detection phase. Also, a message that resembles the following is logged in the WSUS log file (%Program Files%\Update Services\Log Files\SoftwareDistribution.log) on the WSUS computer:

    Date Time UTC Error w3wp.12 ClientImplementation.SyncUpdates System.ArgumentException: Item has already been added. Key in dictionary: '8862' Key being added: '8862'at System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add)at System.Collections.Hashtable.Add(Object key, Object value)at Microsoft.UpdateServices.Internal.ClientImplementation.GetSyncInfo(DataAccess dataAccess, Hashtable stateTable, Hashtable deploymentTable, Boolean haveGroupsChanged, Boolean doChunking)at Microsoft.UpdateServices.Internal.ClientImplementation.SoftwareSync(DataAccess dataAccess, UnencryptedCookieData cookieData, Int32[] installedNonLeafUpdateIds, Int32[] leafUpdateIds, Boolean haveGroupsChanged, Boolean expressQuery)at Microsoft.UpdateServices.Internal.ClientImplementation.SyncUpdates(Cookie cookie, SyncUpdateParameters parameters)at Microsoft.UpdateServices.Internal.ClientImplementation.SyncUpdates(Cookie cookie, SyncUpdateParameters parameters)at Microsoft.UpdateServices.Internal.Client.SyncUpdates(Cookie cookie, SyncUpdateParameters parameters)lines removedDate Time UTC Warning w3wp.12 SoapUtilities.CreateException ThrowException: actor = http://wsusebc/ClientWebService/client.asmx, ID=c0a7445f-b989-43fa-ac20-11f8ca65fa8c, ErrorCode=InternalServerError, Message=, Client=?

    To locate this message, search the WSUS server for the ID that is obtained from the client log.

    This problem occurs because a recent revision to an Office 2003 Service Pack 1 update causes some WSUS 3.0 servers to incorrectly synchronize the revised update with the update’s approvals. When the affected client computers communicate with such a server, the Web service is unable to process the approvals. Therefore, the detection is unsuccessful.

    Download the Microsoft Windows Server Update Services (WSUS) (KB954960) package now. ( the Microsoft Windows Server Update Services x64 Edition (WSUS) (KB954960) package now.

  • Windows XP Service Pack 3 Release to Automatic Updates

    Posted by bink on July 7 2008, 4:41 PM. Posted in Windows XP, Windows Update, WSUS.

    Microsoft is committed to providing quality products to customers.  As part of this commitment, we would like to remind you that Windows XP Service Pack 3 (SP3) will be released to Automatic Updates shortly.  The third service pack to Windows XP includes the previously released updates and hotfixes to Windows XP, creating a new baseline for servicing.  

    Optional Actions

    If you wish to prevent users from installing Windows XP SP3 through Automatic Updates, Microsoft recommends you take one or more of the following steps:

    1. Download and deploy the Windows Service Pack Blocker Kit. The Blocker Toolkit is available in the Microsoft Download Center

    2. Deploy an update management solution that provides full control over the updates you deploy to computers in your network (Compare Update Management Solutions).  IT Administrators using an update management solution should use their product's standard features, rather than the Blocker Toolkit, to control SP1 distribution.

    Additional Information

    Windows XP Service Pack 3

    Update Management Solutions

    Update Management Solutions

  • Microsoft Security Advisory (954960) WSUS Blocked from Deploying Security Updates

    Posted by bink on July 1 2008, 4:49 AM. Posted in Security, WSUS.

    Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.

    Upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.

    Note The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.

    Mitigating Factors:

    This issue is limited to customers who deploy updates through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1, and have Microsoft Office 2003 installed in their environments.

    Continue At Source
  • WSUS 3.0 Service Pack 1 Released!

    Posted by bink on February 9 2008, 1:26 AM. Posted in WSUS.

    Windows Server Update Services 3.0 Service Pack 1 delivers important customer-requested mangement, stability, and performance improvements, while incorporating further enhancements to local publishing of drivers and the Client Servicing API addition. WSUS 3.0 SP1 delivers new features that enable administrators to more easily manage and deploy updates across the organization. This package installs both the WSUS 3.0 Server and WSUS 3.0 Administration Console components, for all Windows Server 2003 SP1 supported languages. Additionally, the WSUS 3.0 SP1 client is included in all supported client platform languages. You must install the server components on a computer running Windows Server 2008 or Windows Server 2003 SP1 or later. You may install the Administration Console on a remote computer running Windows Vista, Windows Server 2008, Windows Server 2003 SP1, or Windows XP SP2.WSUS 3.0 SP1 Server Installation on Windows Small Business Server 2003If you are installing the WSUS 3.0 SP1 product on Windows Small Business Server 2003, follow the instructions in Installing Windows Server Update Services 3.0 on Windows Small Business Server 2003.
    Download At Source

    Release Notes for Windows Server Update Services 3.0 SP1

    These release notes describe known issues affecting Microsoft Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1) and include recommendations and requirements for installing the application.

    Microsoft Windows Server Update Services 3.0 SP1 Overview

    This paper introduces Microsoft Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1) and provides information about features, and server and client computer requirements.

    Deploying Microsoft Windows Server Update Services 3.0 SP1

    This paper describes how to deploy Microsoft Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1).

    Step-by-Step Guide for Windows Server Update Services 3.0 SP1

    This guide provides instructions for getting started with Microsoft Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1).

    Microsoft Windows Server Update Services 3.0 SP1 Operations Guide

    This paper documents the major tasks involved in administering and troubleshooting Microsoft Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1).

  • Managing changes from a WSUS Server

    Posted by bink on January 10 2008, 2:46 AM. Posted in WSUS.

    There are multiple ways updates can be deployed through WSUS to client machines (“client machines” mean clients of the WSUS server - the machines may be running either client or server operating systems). This posting describes these mechanisms and the way they can be controlled by the administrator in order to ensure unexpected changes do not occur.

    ·         Explicit approval. An administrator can explicitly approve an update for installation to a group of machines.

    ·         Auto-reapprove revisions. By default, when a new revision of an approved update is synchronized to the WSUS server we move the approval to the new revision. Normally this is what customers want, since new revisions never contain new binaries, just fixes to the metadata that describe how to automate the installation of the update. However we had one incident when a new revision of the Windows Desktop Search update changed the metadata so that the new revision was offered to *all* machines but the old revision was offered only to machines with older versions of Desktop Search installed, which caused it to be deployed more widely than expected for many customers (see for details). Since then, we’ve added processes to ensure this type of change will not happen again. The administrator has direct control over this and can disable the option to auto-reapprove revisions.

    o        Warning: turning off auto-reapprove revisions can create problems if the administrator has “definition updates” (signatures) in their synchronization options, because definition updates get created and expired fairly quickly and the expired ones won’t get auto-unapproved. As described in KB 938947, this can quickly lead to having too many updates approved which can cause problems for client-server communication. If auto-reapprove revisions is turned off, the administrator will need to manage revisions themselves; looking for older revisions that are approved and either unapproving them (if the new revision is marked “expired”) or move the approval to the new revision. We have provided a PowerShell sample script at that can be used to manage revisions.

    ·         Auto-approve WSUS updates. Some updates are marked as “infrastructure” updates, which means they are needed by WSUS or WUA for proper detection and scanning for many updates. These updates include MSI 3.1. WSUS creates approval rules to these by default, since they are necessary for the update system to work properly. The administrator has direct control over this and can disable the option to auto-approve WSUS updates. If disabled, WSUS will notify the admin in the home page (TODO list) that there are unapproved WSUS updates, which can lead to infrastructure problems (e.g., if MSI 3.1 is not installed on client machines, then many updates including Office Updates, can’t be properly detected).

    ·         Auto-approval rules. Administrators can create custom rules to auto-approve updates (e.g., auto-approve all security updates to all computers, or auto-approve all updates to a test target group). The administrator has direct control over this and there are no auto-approval rules enabled by default.

    ·         Initial client self-update. When a WSUS client’s Windows Update Agent (WUA) first synchronizes  against a WSUS server, it checks if the server has a newer version of the agent available in the servers “self-update” tree. If a newer version is available, the agent will self-update before completing the synchronization. Although Automatic Updates will check for self-update on every synchronization, the self update will only occur on the first synchronization unless the admin explicitly applies an update to the WSUS servers self-update tree (the next scenario).

    o        Note: Newer versions of WUA on a particular operating system are backwards-compatible with the older versions of WSUS that support that operating system.  So after WUA self-updates to the latest version, the client can later be managed by an  older WSUS server if desired. The agent never “self-downgrades” (it will stay on the latest version of WUA when talking to an older server).

    ·         Subsequent client self-updates. The WSUS team may provide an update to the WSUS server itself that modifies the client self-update tree on the server. As of this writing, only two such update have been released; WSUS 2 SP1 (which modified the WSUS 2 self-update tree) and KB 936301 (which modified the WSUS 2 SP1 self-update tree). Such updates flow to the WSUS server as normal updates. If the admin approves such an update for install on the WSUS server, then the WSUS server self-update tree will be updated and subsequently all clients that synchronize against the server will self-update. The administrator has direct control over this since clients will only perform this subsequent self-update if the administrator approves an update to the self-update tree.

    ·         Update from Microsoft Update. End users on client machines can go to Windows Update or Microsoft Update and install updates (and WUA self-updates) directly. The administrator has direct control over this since they can configure the Windows Update Agent to disallow end-user access to Windows Update and Microsoft Update.


    WSUS and AU have log files that allow customers to understand when and why a given update was installed on a machine:

    ·         The Windows Update Agent has a log file “%windir%\WindowsUpdate.log” with verbose logging on updates that have been installed.

    ·         WSUS 3.0 has a log file “%Program Files%\Update Services\LogFiles\changes.log” that contains a record of all recent approvals and who made them. If the approval was created automatically (e.g., auto-reapprove revision, auto-approval rule, or auto-approve WSUS updates), the user in the log will be “WSUS Service”.

  • Unexpected UI errors in WSUS

    Posted by bink on November 13 2007, 11:45 PM. Posted in WSUS.

    WSUS Blog:

    We have been hearing reports from some customers who use WSUS that they have been having trouble accessing their administration consoles. We have confirmed the cause of this issue and fixed it on our servers, which will automatically fix the issue for most customers on their next synchronization cycle.  This post will explain the issue in detail and provide steps customers can take to get WSUS working again even sooner.

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p>

    The cause of this issue is that, on Sunday evening, Microsoft renamed a product category entry for Forefront to clarify the scope of updates that will be included in the future. Unfortunately the category name that was used included the word Nitrogen in double quotes (appearing as “Nitrogen”). A double quote is a restricted character within WSUS, which created an error condition on the administration console.  This issue occurred on many WSUS servers that synchronized with Microsoft servers between 5pm Sunday and 11am Monday Pacific Time.

    <o:p> </o:p>

    We renamed the category to eliminate the double quotes on Monday morning at 11am after investigating and validating the problem.  This will fix the issue for any impacted WSUS server the next time it synchronizes with Microsoft’s servers.  We are also improving our publishing tools to make sure that issues like this are caught during the publishing process, before they impact customers.

    <o:p> </o:p>

    It’s important to note that WSUS customers whose servers did not synchronize during this time, or end users connecting directly with Windows Update, Microsoft Update, or Automatic Updates are not impacted by this issue.

  • WSUS will become optional role for Windows Server 2008 Server Manager

    Posted by bink on November 6 2007, 3:11 AM. Posted in WSUS.

    In addition to roles and features that are included with Windows Server 2008 by default, Server Manager enables integration of additional roles and features that are available on the Microsoft Download Center and Windows Update Web sites as optional updates to Windows Server 2008.


    One role that will be available as an update is Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1). This update to Server Manager enables full integration of WSUS 3.0 SP1 into Server Manager, allowing installation, configuration, and management of WSUS 3.0 SP1 using the Server Manager console and wizards.


    Beta testers can download a server manager update for Windows Server 2008 RC0 to enable this new optional role, for now that is just WSUS. But since MS removed Windows Sharepoint Services as default available rol on WS08 I think this will become an optional role for Server manager too.

  • Desktop search via WSUS screwup explained

    Posted by bink on October 27 2007, 4:03 AM. Posted in WSUS.

    As you know, Windows Desktop Search was published last February 07, as an optional update that was only applicable to systems which had WDS previously installed. Then on Tuesday of this week we revised that update package to be applicable (but still optional) to Windows XP SP2 and Windows Server 2003 SP1+ systems which did not have WDS installed. Unfortunately, in revising this update, the decision to re-use the same update package had unintended consequences to our WSUS customers.  Namely many of you who had approved the initial update package for a limited number of machines, had Tuesdays' WDS revision 105 automatically install on all clients because of the expanded applicability scope and because by default, WSUS is set to automatically approve update revisions.  We sincerely regret the inconvenience this has caused and extend a sincere apology to all impacted customers. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>For those of you who want to uninstall the WDS update revision released Tuesday of this week, this can be done via <o:p></o:p>1.  Add/remove programs<o:p></o:p>2. Invoking spunisnts: %windir%\$NtUninstallKB917013$\spuninst\spuninst.exe /q /promptrestart<o:p></o:p>3. Using System Restore on Windows XP (not available on Windows Server 2003). This option will leave some software on the machine, but the invocation effectively removes WDS 3.01.  This should only be used for conditions where the /noback switch was used. <o:p></o:p>

    I want you to know we are working now to correct the issue and have temporarily suspended the distribution of the Windows Desktop Search through WSUS.  The current package will remain available through the Microsoft Download Center. We will make a new package available for WSUS in the near future, but not as an update revision, so that you can rely on predictable update behavior with auto-approval settings.   We are also working on improving our internal publishing processes to ensure this does not happen again in the future. 

    Again, our sincere apologies for this publishing process error. 

    Bobbie Harder <o:p></o:p>

    Program Manager, WSUS

  • New and modified categories for the Windows Live product family on WSUS!

    Posted by bink on September 5 2007, 2:04 PM. Posted in WSUS, Windows Live.

    You will now see eight new / modified product categories in the Windows Live family of products.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p><o:p> </o:p>Following are the categories -
    1. Windows Live contains updates/upgrades for all Windows Live programs. All Windows Live programs are compatible with both Windows XP and Windows Vista operating systems.
    2. Messenger Installation and Upgrades contains installation and upgrade files for Windows Live Messenger, an instant messaging, file sharing, and PC to PC free calling program.
    3. Photo Gallery Installation and Upgrades contains installation and upgrade files for Windows Live Photo Gallery, a tool for editing photos and organizing and sharing photos and videos. This program expands and improves on features available in Windows Photo Gallery (part of Windows Vista), and works on either Windows XP or Windows Vista.
    4. Mail Installation and Upgrades contains installation and upgrade files for an e-mail program that allows users to manage multiple e-mail accounts, newsgroups, and RSS feeds in one place. This program combines elements of Outlook Express and Windows Mail with new features and improvements that are unique to new Windows Live Mail.
    5. Writer Installation and Upgrades contains installation and upgrade files for a program that makes it easier to edit and publish rich content to your blog. Writer is compatible with multiple blog services, including Windows Live Spaces.
    6. OneCare Family Safety Installation contains installation files for a program that helps parents protect their children from access to inappropriate website content and contacts.
    7. Sign-in Assistant Installation and Upgrades contains installation and upgrade files for a tool that simplifies switching between multiple Windows Live IDs. This program is used in conjunction with all Windows Live online services, and is therefore recommended.
    8.  Toolbar Installation and Upgrades contains installation and upgrade files for Windows Live Toolbar, an Internet Explorer extension that provides search, customizable buttons, and quick access to maps and other information.<o:p></o:p><o:p> </o:p>
    <o:p></o:p><o:p></o:p>In September, we will be submitting Beta releases for the above mentioned applications through these categories. The apps will be marked as Optional and Feature Packs. We will let you know when we ship the final release (RTM) version of the Windows Live software.<o:p></o:p>

    We recommend that if you chose to subscribe to updates for the above mentioned categories – subscribe as a group, treating all categories and updates to this family of products together.


  • Windows Server Update Services 2.0 SP1 Selfupdate tree

    Posted by bink on June 27 2007, 1:00 AM. Posted in WSUS.

    The self update tree for WSUS 2.0 SP1, enables customers to upgrade mapped WSUS 2.0 clients to the latest 3.0 version without having to upgrade the WSUS server to version 3.0. Clients checking in with WSUS 2.0 SP1 servers, which have installed this update, will automaticaly "selfupdate" to the new 3.0 client version, while retaining the version of the WSUS server at 2.0 SP1.Download At Source
  • WSUS 3.0 Released!

    Posted by bink on May 1 2007, 2:00 AM. Posted in WSUS.

    A month earlier then expected WSUS 3.0 is released to web!

    Microsoft Windows Server Update Services (WSUS) 3.0 delivers new features including an MMC-based user interface with advanced filtering and reporting, improved performance and operational reliability, flexible deployment options to improve branch office support, and more content access through the Microsoft Update Catalog site.

    Thanks Yogesh for the tip
  • WSUSDBMaintenance T-SQL Script

    Posted by bink on April 3 2007, 2:57 AM. Posted in WSUS.

    Large WSUS deployments will have their performance degrade over time if the WSUS database is not maintained properly. The WSUSDBMaintenance script is a T-SQL script that can be run by SQL Server administrators to re-index and defragment the WSUS database.Download At Source