WSUS and .Net patches

Posted: 07.02.2018, 05:14
by grinpress
Hello Forum.
My question is regarding how WSUS deals with .Net patches (in the past I've already posted similar questions and got a general response. This time I have a concrete example and need more details, please).
Scenario:
1. Used the following options in WSUS Generator:
Windows 8.1\Windows 2012 R2 x64
use security only updates instead of quality
2. WSUS generator successfully downloaded many patches.
I filtered patches for 2017 only: around 30 security-only patches were downloaded for 2017, which includes patches for OS, the cumulative December patch for IE, the cumulative December patch for Adobe Flash Player and 15 patches for .Net.
3. Ran WSUS installer on Windows Server 2012 R2.
Only 13 patches dated 2017 were successfully installed.
4. I compared a list of 2017 patches in the glb folder (30 patches) and a list of installed patches (13 in total) and found that the gap (30-13) is related to .Net patches.
It seems like .Net patches were not installed by WSUS: I do not see them in Registry keys.
(My server has .Net 3.5 and .Net 4.5.1 installed.)

My question is: in what way does WSUS installer deal with .Net patches? Does it install all .Net patches from the glb folder? Does it install only those that are relevant for the concrete machine?
Where can I see a list of installed .Net patches? Only in Registry?
Thanks

Re: WSUS and .Net patches

Posted: 08.02.2018, 02:26
by Denniss
Our Software also supports dotnet 4.6/4.7 and downloads patches for them. But on your machine they won't be installed as you only need 4.5 patches.

Re: WSUS and .Net patches

Posted: 11.02.2018, 14:26
by grinpress
Thank you Denniss.
So WSUS Installer checks what .Net version is installed on the concrete machine before installing? And then installs only those .Net patches (out of all it downloaded and holds in the glb folder) which are relevant for this concrete machine, and non-relevant .Net patches it will skip, correct?
Is there any additional logic WSUS uses before applying .Net patches? (I can see that a few patches in the glb folder do deal with .Net 4.5.2 installed on my machine, but for some reason they are not being installed by WSUS - probably there is another check whether the patch is relevant for the concrete machine.)
Where can I see a list of installed .Net patches? Only in Registry?

Re: WSUS and .Net patches

Posted: 11.02.2018, 14:54
by Denniss
If you have 4.5.1 installed then 4.5.2 updates won't apply to your machine.
Actually the Windows Update Agent is determining the required updates and excludes those not relevant for the target system.

Re: WSUS and .Net patches

Posted: 11.02.2018, 16:34
by grinpress
So WSUS communicates with the Windows Update Agent? And after all, the Windows Update Agent "decides" which of the patches contained in WSUS's glb folder are relevant for the specific machine?

Re: WSUS and .Net patches

Posted: 11.02.2018, 18:04
by Denniss
WOU does some checks as well and, if required, starts some prerequisite installations like service packs or servicing stack updates. Some returns from WUA (windoze Update Agent) have to be redirected/split to actual update files, especially with dotnet: WUA usually returns a generic KB number but not the individual updates behind it.

Re: WSUS and .Net patches

Posted: 12.02.2018, 09:46
by grinpress
I understand, thank you Denniss. The bottom line, from your experience with the WOU: can we fully rely on WOU with regards to .Net patching? If it "decided" to install none of the .Net patches it downloaded, it means that indeed none of these patches is relevant for this particular machine? No need to "re-check" the .Net patches status manually after WOU has completed its work?

Re: WSUS and .Net patches

Posted: 12.02.2018, 15:26
by aker
If you didn't update .NET to 4.6 or newer, none of the "ndp"-patches apply to your Windows 8.1/Server 2012 R2 machine. They are stored as Windows8.1-KBxxxxxxx-x64_sha1.msu/cab inside .\client\w63-x64\glb.
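
An added example, not part of the original posts and not WSUS Offline Update's own code: one way to do the glb-versus-installed comparison described in the first post, using the file naming and folder given above. The `$GlbPath` default and the output layout are assumptions; `Get-HotFix` and the `NDP\v4\Full` registry key are standard Windows facilities.

```powershell
# Added example: list KB numbers found in the WSUS Offline glb folder and
# mark which of them Windows reports as installed.
param(
    # Folder named in the thread; adjust to your wsusoffline location (assumption).
    [string]$GlbPath = '.\client\w63-x64\glb'
)

# Show the installed .NET 4.x build first, since applicability depends on it.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
if ($ndp) {
    "Installed .NET 4.x: Version={0} Release={1}" -f $ndp.Version, $ndp.Release
}

# Packages are named Windows8.1-KBxxxxxxx-x64_sha1.msu/cab, so the KB id
# can be taken straight from the file name.
$downloaded = Get-ChildItem -Path $GlbPath -File |
    Where-Object { $_.Extension -in '.msu', '.cab' } |
    ForEach-Object {
        if ($_.Name -match '(?i)(KB\d+)') {
            [pscustomobject]@{ KB = $Matches[1].ToUpper(); File = $_.Name }
        }
    }

# Get-HotFix reads Win32_QuickFixEngineering, i.e. packages installed through
# the Windows servicing stack (the .msu/.cab updates stored in glb).
$installed = Get-HotFix |
    Select-Object -ExpandProperty HotFixID |
    ForEach-Object { $_.ToUpper() }

# One row per KB: False first, so the "gap" is at the top of the table.
$downloaded |
    Sort-Object KB -Unique |
    Select-Object KB, File, @{ Name = 'Installed'; Expression = { $installed -contains $_.KB } } |
    Sort-Object Installed, KB |
    Format-Table -AutoSize
```

A row with `Installed = False` is not by itself a missing patch: as explained in this thread, packages for .NET versions that are not present on the machine are downloaded but skipped as not applicable.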

Re: WSUS and .Net patches

Posted: 12.02.2018, 16:38
by grinpress
Did not update, it's version 4.5.2 (side by side with 3.5).
From WSUS log:

Mon 02/12/2018 6:50:25.86 - Info: Found Microsoft .NET Framework 3.5 version 3.5.30729.4926
Mon 02/12/2018 6:50:25.86 - Info: Found Microsoft .NET Framework 4 version 4.5.51650
Mon 02/12/2018 6:50:25.86 - Info: Found Windows Management Framework version 4.0.0.0

Re: WSUS and .Net patches

Posted: 12.02.2018, 21:33
by aker
4.5.2 is the most recent version wsusou will install, if you don't tell it to update to .NET 4.7.1.
Independently, .NET 4.5.2 will still get security updates from MS (as far as I know until 2023).

If you want to update to 4.7.1 select "Install .NET Framework 4.7.1" in UpdateInstaller or add the "/instdotnet4"-switch to your installation command. Then wsusou will install 4.7.1 and update it to the most recent security update / rollup.