WSUS and .Net patches

WSUS and .Net patches

Postby grinpress » 07.02.2018, 04:14

Hello Forum.
My question is regarding how WSUS deals with .Net patches (In the past I've already posted alike questions and got general response. This time I have a concrete example and need more details, please).
Scenario:
1. Used the following options in WSUS Generator:
Windows 8.1\Windows 2012 R2 x64
use security only updates instead of quality
2. WSUS generator successfully downloaded many patches.
I Filtered patches for 2017 only : around 30 security -only patches were downloaded for 2017, that includes patches for OS, cumulative December patche for IE, cumulative December patch for Adobe Flash Player and 15 patches for .Net
3. Run WSUS installer on Windows Server 2012 R2.
Only 13 patches dated 2017 were successfully installed.
4. I Compared a list of 2017 patches in the glb folder (30 patches) and a list on installed patches (13 in total) and found that the gap (30-13) is related to .Net patches.
Seems like .Net patches were not installed by WSUS: I do not see them in Registry keys .
(My server has .Net 3.5 and .Net 4.5.1 installed )

My question is : in what way WSUS installer deals with .net patches ? Does it install all .Net patches from glb folder ? Does it install only those that relevant for the concrete machine ?
Where I can see a list of installed .Net patches ? Only in Registry ?
Thanks
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: WSUS and .Net patches

Postby Denniss » 08.02.2018, 01:26

Our Software also supports dotnet 4.6/4.7 and downloads patches for them. But on your machine they won't be installed as you only need 4.5 patches.
Denniss
 
Posts: 869
Joined: 01.08.2009, 10:51

Re: WSUS and .Net patches

Postby grinpress » 11.02.2018, 13:26

Thank you Denniss.
So WSUS Installer checks what .Net version is installed on the concrete machine before installing ? And then install only those .Net patches (out of all it downloaded and holds in Glb folder) which are relevant for this concrete machine, non-relevant .Net patches it will skip , correct ?
Is there any additional logic WSUS uses before applying .Net patches ? (I can see that few patches in glb folder do deal with .Net 4.5.2 installed on my machine, but from some reason they are not being installed by WSUS - probably there is another check whether the patch is relevant for the concrete machine )
Where I can see a list of installed .Net patches ? Only in Registry ?
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: WSUS and .Net patches

Postby Denniss » 11.02.2018, 13:54

If you have 4.5.1. installed then 4.5.2 updates won't apply to your machine.
Actually the Windows Update Agent is determining the required updates and excludes those not relevant for the target system.
Denniss
 
Posts: 869
Joined: 01.08.2009, 10:51

Re: WSUS and .Net patches

Postby grinpress » 11.02.2018, 15:34

So WSUS communicates with the Windows Update Agent ? And after all Windows Update Agent "decides" what of patches containing in WSUS's glb folder are relevant for the specific machine ?
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: WSUS and .Net patches

Postby Denniss » 11.02.2018, 17:04

WOU does some checks as well and, if required, starts some prerequisite installations like service packs or servicing stack updates. Some returns from WUA (windoze Update Agent) have to be redirected/split to actual update files, especially with dotnet WUA usually returns a generic KB number but not the individual updates behind it.
Denniss
 
Posts: 869
Joined: 01.08.2009, 10:51

Re: WSUS and .Net patches

Postby grinpress » 12.02.2018, 08:46

I understand , thank you Denniss. The bottom line, from your experience with the WOU : can we fully rely on WOU with regards to .Net patching ? If it "decided" to install no of the .Net patches it downloaded, it means no one of these patches indeed not relevant for this particular machine ? No need to "re-check" the .Net patches status manually after WOU completed its work ?
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: WSUS and .Net patches

Postby aker » 12.02.2018, 14:26

If you didn't update .NET to 4.6 or newer, none of the "ndp"-patches apply to your Windows 8.1/Server 2012 R2 machine. They are stored as Windows8.1-KBxxxxxxx-x64_sha1.msu/cab inside .\client\w63-x64\glb.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32

Re: WSUS and .Net patches

Postby grinpress » 12.02.2018, 15:38

did not update, it's 4.5.2 version (side by side with 3.5)
From WSUS log: :

Mon 02/12/2018 6:50:25.86 - Info: Found Microsoft .NET Framework 3.5 version 3.5.30729.4926
Mon 02/12/2018 6:50:25.86 - Info: Found Microsoft .NET Framework 4 version 4.5.51650
Mon 02/12/2018 6:50:25.86 - Info: Found Windows Management Framework version 4.0.0.0
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: WSUS and .Net patches

Postby aker » 12.02.2018, 20:33

4.5.2 is the most recent version wsusou will install, if you don't tell it to update to .NET 4.7.1.
Independetly .NET 4.5.2 will still get security updates from MS (as far as I know until 2023).

If you want to update to 4.7.1 select "Install .NET Framework 4.7.1" in UpdateInstaller or add the "/instdotnet4"-switch to your installation command. Then wsusou will install 4.7.1 and update it to the most recent security update / rollup.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32

Next

Return to Installation / Updating

Who is online

Users browsing this forum: No registered users and 16 guests