Hello again. I have been investigating missing patches in both the 32 and 64 bit versions of Windows 2008 server. (This isn't the R2 version)
From a server built from vanilla Microsoft media and using a freshly created wsusoffline iso, I'm consistently left with the following updates missing:
0> Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 (KB3122646)
1> April, 2017 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2 (KB4014988)
2> May, 2017 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4019109)
3> 2017-09 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4041086)
4> 2017-09 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4041093)
5> Windows Malicious Software Removal Tool - February 2018 (KB890830)
6> 2018-05 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4099640)
7> 2018-07 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4340007)
8> 2018-08 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4345682)
9> 2018-12 Security Only Update for .NET Framework 3.5 SP1, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4471984)
10> 2019-02 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4487081)
11> 2019-02 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4487124)
12> Windows Malicious Software Removal Tool - April 2019 (KB890830)
Yes, I have gone down to the sub patch level and checked each of them. None of the sub patches of these patches are present.
In my testing I have also performed the following:
Installed the current servicing stack: (kb4493730)
http://download.windowsupdate.com/d/msd ... c009a0.msu
http://download.windowsupdate.com/d/msd ... c2443c.msu
D3D compiler (kb4019478) - which is required for recent .Net patches. (These are hard patches to track down for 2008).
Check here for the requirement: https://support.microsoft.com/en-au/hel ... -0-and-3-0
http://download.windowsupdate.com/c/msd ... a14c1b.msu
http://download.windowsupdate.com/c/msd ... a14c1b.msu
As well as the 7.6 Windows Update Client:
http://download.windowsupdate.com/windo ... .6-x64.exe
http://download.windowsupdate.com/windo ... .6-x86.exe
I have also manually added the Microsoft root certificate and disallowed certs using this guide:
http://woshub.com/updating-trusted-root ... indows-10/ "The List of Root Certificates in STL Format"
I also installed .Net framework 4.6.1.
Wsusoffline still uses the 4.6 version, where 4.6.1 is the latest version for 2008.
https://download.microsoft.com/download ... OS-ENU.exe
Some Microsoft pages suggest 4.6 is the latest for server 2008, others 4.6.1.
The 4.6.1 offline framework actually installs correctly. 4.6.2 doesn't install by comparison.
The .Net 4 build version afterwards is the expected 394271.
After all of these steps, the same patches remain uninstalled on the server.
Most of the required .Net patches are present within the wsusoffline media and I can manually install them from there - confirming that there aren't any missing prerequisites.
I can also install them fine from Windows Update.
Looking back some time ago, this all definitely used to work for this operating system, suggesting some change within wsusoffline that broke 2008 .Net patch support.
I know that the usage of 2008 is getting lower, but as it soon will fall out of support, getting to a solid final patch position will be useful.
Can you please investigate this?
Thank you in advance
Regards
Robert