There are a few issues you will come across;

* You figured out that the path shouldn't have the end single quote, unless 
you are start the path with a single quote. No need to escape the 
backslashes unless you enclose it in double quotes
* While you specify the path as .msu, win_package doesn't have any smarts 
in place to automatically use wusa.exe to install the hotfix, you need to 
modify the path and arguments to use wusa.exe
* There is the win_hotfix module in 2.4 but this isn't available for Server 
2008, 2008 R2 without lots of messing around so for this hotfix it probably 
won't matter but I've included an example anyway

The final issue is that on a WinRM process any access to the Windows Update 
API like wusa.exe will fail with access is denied, you need to escape the 
Network Logon process to get it working, there are multiple ways of doing 
this currently

* Use Ansible and become to become an interactive process, while this was 
added in 2.3 it was experimental and only worked in certain situations. I 
would recommend you upgrade to 2.5 when it is out as it is no longer 
experimental and quite easy to use
* Use a scheduled task to run the process, this works but it quite 
cumbersome to setup and run so I won't give an example
* Use psexec and the win_psexec module, it requires the psexec executable 
downloaded onto the host and chocolately can do that for you

Because you are on an older Ansible version the psexec option will be the 
easiest way for you to move forward so I recommend you look into that.

# on 2.5 you could do the following for most Windows hosts
- name: install hotfix KB3140245
    path: C:\Windows\System32\wusa.exe
    arguments: C:\temp\windows6.1-kb3140245-
x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu /quiet /norestart
    product_id: MicrosoftTLS
    state: present
  register: hotfix_install
  become: yes
  become_method: runas
  become_user: SYSTEM

- name: reboot if required
  when: hotfix_install.reboot_required

# or from 2.4 onwards and Server 2012 or newer you can use win_hotfix (I 
know this is for Server 2008 R2 but keeping it here as an example for other 
- name: install hotfix KB3140245
    path: C:\temp\windows6.1-kb3140245-
    hotfix_kb: KB3140245
    state: present
  register: hotfix_install

- name: reboot host if required
  when: hotfix_install.reboot_required

# finally if you cannot upgrade Ansible versions, you can get it working 
with psexec by running these tasks
- name: make sure psexec is installed locally
    name: psexec
    state: present

- name: check if hotfix KB3140245 is installed
  win_shell: if (Get-Hotfix -Id KB3140245 -ErrorAction SilentlyContinue) { 
"true" } else { "false" }
  register: hotfix_installed

- name: install hotfix if not installed
    command: C:\Windows\System32\wusa.exe C:\temp\windows6.1-kb3140245-
x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu /quiet /norestart
    system: yes
  register: hotfix_install_out
  failed_when: hotfix_install_out.rc not in [0, 3010]
  when: hotfix_installed.stdout_lines[0] == "false"

- name: reboot system if required
  when: hotfix_install_out.rc == 3010



You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to