Archive for Updates

2012 R2–We Couldn’t Complete the Updates

I’m setting up two brand new Windows 2012 R2 guests servers on a Hyper-V system. When running Windows Updates, I ran into the following frustrating error:

We couldn’t complete the updates
Undoing changes
Don’t turn off the computer

Well, after waiting an hour for this to reset, I went hunting for a solution. Thanks to my MVP friends, Boon Tee and Susan Bradley, I found out the cause and the fix! You can read Boon’s blog post here.

The issue is a conflict with some updates when your guest VM is configured as Gen2 virtual machine in Hyper-V and you have Secure Boot enabled for that VM. The fix is relatively easy:

  • First, you need to force a power off of your hung VM
  • Once it is stopped, go to the Hyper-V Settings for that VM, and disable (uncheck) the option “Enable Secure Boot”
  • Restart your VM and rerun your Windows Updates.

Please note, I generally do updates in batches – 10at a time, doing security updates firsts, then other other updates, then rollups, then .Net updates.

Windows Update Advisory

Last week Microsoft rolled out a large set of updates that cover both the Windows operating system and Microsoft Outlook. In my testing, the updates have installed fine. However, Microsoft has indicated that they have since removed some of the Windows OS updates from distribution on Friday – based on early feedback from users that they may cause a “Blue Screen of Death” (BSOD) situation.

The most sever case is with MS14-045. For details on the updates in question, check out this ZDNet article.

For I.T. personnel, Ed Langley (Naked PowerShell) has written a  series of PowerShell scripts (click here) to determine if any of the relevant updates are installed on a system.

  1. If you, tend to periodically run Windows Updates on your own workstations, I would advise against doing so until I hear more from Microsoft.
  2. The Microsoft Office updates are not involved, and can be applied as desired.
  3. Finally, it’s because of situations like these that I recommend that servers are NOT configured to have updates automatically applied.

There is nothing you need to do as a response to this email. This is simply an advisory – unless of course you have encountered a workstation that has had a BSOD.

https://technet.microsoft.com/en-us/library/security/ms14-045.aspx

http://support.microsoft.com/kb/2982791

SBS 2011 and Essential 2012 Updates

Several updates and fixes to SBS 2011 and 2012 Essentials were released in the past month, including:

1. UR5 for the Windows Server Solutions BPA :

http://support.microsoft.com/kb/2908176

2. Update 2 for SBS 2011 Standard’s Migration Preparation Tool :

http://support.microsoft.com/kb/2908177

3. Update for Essentials 2012’s Migration Preparation Tool:

http://support.microsoft.com/kb/2908178

4. Update for Health report for Essentials 2012:

http://www.microsoft.com/en-us/download/details.aspx?id=35565

Windows Update running forever on XP and 2003

There are plenty of reports of both Windows XP and Windows 2003 server systems stalling when running windows update (WU/MU). In some cases, they say that if you wait several hours, or perhaps overnight, the situation will resolve itself.

The long delay is (apparently) due to an IE detection process.

So, what does one do?

The suggestion is to download and manually install the December 10, 2013 Cumulative Security Update for Internet Explorer (MS13-097 / KB2898785). By installing it manually, you remove that detection from the workstation.

image

Be careful with KB2862330

Several new Windows updates were recently released. The word from a trusted security MVP is to be careful, especially with KB2862330 which has caused some BSOD’s on some systems (Read more on this issue).

Once again, I always encourage people to make sure that they create a system restore point before installing updates, or better yet, do regular full backups of your computer.

If you do encounter a BSOD with any Microsoft update, call Microsoft:

“We can offer anyone who has this issue and is willing to go through troubleshooting a free-of-charge support incident and Support will work with you 1-1 to get your computer(s) back into a working state. The teams who released this update do know that there may be a problem and are doing additional testing to identify the root cause of the issue that folks are experiencing,” (Ben Herila, Microsoft product manager).

Known issue with KB 2859537

Microsoft released several security updates for Windows last week, including KB 2859537. Well, it turns out that for some people, this specific update may cause  programs to not start, or worse, a BSOD (blue screen of death).

So far this only affects a small handful of people – including some gaming programs that modify the Windows kernel, some computers with existing root kits, and even users running Avast A/V. By the way, I understand Avast has already pushed out an update fix for their software.

Solution?

The problem is that we get suckered into complacency: updates come, updates are applied, we keep working. And suddenly we forget little things like creating a restore point, or making a backup before proceeding, or doing a check for the existence of root kits.

To check your computer for existing root kits and remove them, download and run Kaspersky Lab’s free TDSSKiller.

Add KB 2775511 to WSUS

In a previous blog, I described how to locate, download and install the hotfix rollup (KB 2775511) – a rollup of 90 hotfixes that will improve performance and stability to Windows 7 SP1 and Windows 2008 R2 SP1 systems.

As noted in the previous blog, this hotfix rollup is NOT automatically available via WSUS. However, it is very easy to add this rollup to WSUS for distribution to your workstations and servers.

  1. From your server hosting WSUS, open up the WSUS Console (Start –> Administrative Tools –> Windows Server Update Services
    image
  2. Click to select your server from the left hand frame, and then click Import Updates… from the right hand frame
    image
  3. This will open up the Microsoft Update Catalog site in a new browser window. In the Search box, enter 2775511 and click the Search button
    image
  4. Click the Add All button, and then click View Basket
    image   image
  5. The screen refreshes, and the option “Import directly into Windows Server Update Services” is displayed and checked. Go ahead and click on the Import button. Wait until the download completes and then click Close.
    image  image
  6. The KB will appear in WSUS list of updates after the update check has run on each workstation/server, and you can approve/schedule it accordingly.
    image
  7. And for SBS servers, the KB update can be found in the SBS Console (Security –> Updates) for scheduling.
    image

Hotfix Rollup for Windows 7 SP1 and Windows 2008 R2 SP1

On March 13, 2013 Microsoft released KB 2775511. They refer to this as “an enterprise hotfix rollup” for Windows 7 SP1 and Windows 2008 R2 SP1. This rollup contains 90 hotfixes that have been issues since the release of SP1 for Windows 7/Windows 2008 R2.

The chatter on this release is that a lot of work went into this rollup, and that you definitely want to be looking at this for your customers and your own systems. Microsoft says that this hotfix rollup improves the overall performance and system reliability of Windows 7/Windows 2008 R2 SP1 systems.

One small example: I installed it on my own Windows 7 workstation and saw a dramatic improvement in boot time.

Now, for whatever reason, you will NOT find this hotfix rollup on Microsoft Update (MU) or Windows Update (WU) or on WSUS. That’s correct – you will NOT find it there. Instead, you will find it on the Microsoft Update Catalog download site. I know … I’m with you on this one as I didn’t know about this site myself.

But lets stop gabbing and get to downloading and installing the rollup!

  1. You can read the details about this rollup here: KB 2775511 
  2. Or go straight to the Microsoft Update Catalog site
    image
  3. In the Search box, enter 2775511 and click Search
  4. The list of available files are displayed. There are separate versions of this hotfix rollup for Windows 7/x86, Windows 7/x64, Windows 2008 R2 x64, and Windows 2008 R2 Itanium.
    image
  5. Click on the Add button for those versions you want.
  6. After that, click on the Download button and choose your desired drive/folder location to store the downloads.
    image   image
  7. For each version, a folder is created with two files in it — a .exe file and a .msu file.
    Double click on the appropriate .msu file to install the hotfix.
    image
  8. Install and reboot your system. That’s it!

Now, for those who like to do performance measurement, there’s a tool called XPerf you may want to take a look at. There’s a nice blog post on using XPerf to measure Slow Boot Slow Logon (SBSL) scenarios

Windows XP 0x80070424 Update Error

I’ve encountered this error on two different Windows XP systems in the past several days, so I thought I would create a quick post in case it helps others.

Issue: If your workstation has recently been attacked with malware, after cleaning up the malware you may discover that you will get Error 0x80070424 when you try to run Windows Update or Microsoft Security Essentials:

image   image
Microsoft Security Essentials (MSE)                         Windows Update/Microsoft Update (WU/MU)

Solution is very simple:

  • Click on Start –> Run
  • Copy/paste the following command line, and press OK:

    %SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL

    image
  • You will get a response window indicating if the registry edit was successful. click OK to finish.
    image

You should now be able to run WU/MU or update MSE successfully. That’s all, folks!

SBS 2008 Issues with Latest Updates

There have been several reports about recent updates taking an extremely long time (4-6 hours) to completely install on SBS 2008 servers. For example, some report that after rebooting the server and it starts to apply updates, it may sit at 0% for more than an hour.

The reaction is to think that something is wrong and to force a reboot.

These issues are being investigated, but the best advice is that if you have already started updating your server, just let it run and do not force a reboot. And expect that it may be down for several hours.

If you have not yet started applying updates, my typical procedure is as follows:

Reboot the server BEFORE installing any updates

Install updates in groups – all security patches first, then .Net patches, then each rollup or service pack individually

After the updates have been applied, some things may still not work, such as some services not starting or Companyweb not available. In these cases, first try rebooting the server again, and checking things out. for companyweb, please remember that you generally need to manually run the psconfig command after installing SharePoint updates.

finally, it is always advisable to make sure you have a full, validated backup of your server before installing any patches, rollups or service packs,