Thanks, all. We’ve done some more testing since I posted, and it seems rolling out the WUA patch to the desktops resolved it, so it seems the safe course of action is to, in order,
1. Update ALL WUA clients that the WUA patch applies to 2. Install the WSUS hotfix. Ivan Lindenfeld From: [email protected] [mailto:[email protected]] On Behalf Of Sean Pomeroy Sent: Thursday, September 17, 2015 9:16 AM To: [email protected] Subject: Re: [mssms] RE: KB2938066 WSUS update to harden WSUS services experience? This is how we did it. But i was under the impression clients would not get updates until the hardening patch was applied. This was not what I observed. On Thu, Sep 17, 2015 at 9:14 AM Nick <[email protected]<mailto:[email protected]>> wrote: To be safe, could you roll out the updated agent to your clients ahead of time using your methods and THEN install the update on the server? -Nick- From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Jimmy Martin Sent: Wednesday, September 16, 2015 11:24 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: KB2938066 WSUS update to harden WSUS services experience? No, wua did not auto update on the clients after the patch was applied… installed the patch on Monday and numbers today not significantly different that b4 patch Jimmy Martin (901) 227-8209 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Lindenfeld, Ivan Sent: Wednesday, September 16, 2015 9:47 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] KB2938066 WSUS update to harden WSUS services experience? https://support.microsoft.com/en-us/kb/2938066#/en-us/kb/2938066 If anyone has deployed this to their WSUS servers that run integrated with SCCM, did this statement in the KB article turn out to be true? • The WUA on computers that are managed by this WSUS server will be automatically upgraded as needed after you apply this update. Because all of our WUA clients upgrading across the wire (we use an alternate content provider) would be likely catastrophic. We think we need to deploy this update to the WSUS server because KB3083324 (the WUA patch for Windows 7 and Server 2K8R2 clients and the 80070000E errors) says it is a prerequisite. Actually, every version of that hotfix BEFORE the September revision SAID it was a prereq but we don’t know if that change is a documentation omission or an actual change in prereq. The second reason is we are seeing “WARNING: Cab does not contain correct inner CAB file.” Warnings in the windowsupdate.log after deploying KB3083324 and anecdotal evidence on the internets say it is related to and resolved by installing KB2938066 on the WSUS server. So, updating one update to one WSUS server is trivial, unless it updates many thousands of WUA agents across the wire. Thanks for your feedback. (shorter than Ed’s post!) Ivan Lindenfeld ________________________________ NOTICE: The information contained in this message is proprietary and/or confidential and may be privileged. If you are not the intended recipient of this communication, you are hereby notified to: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. This message and any files transmitted with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient of this message, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender of the error by reply email, disregard the foregoing messages, and delete it immediately. P Please consider the environment before printing this email...
