forums.wsusoffline.net

Hello,

we use WSUS Offline Update to keep the PCs in our company's network upgraded monthly, but we recently had to blacklist ("exclude") some updates because of an issue in making the users change their Samba domain password on their own (see https://support.microsoft.com/en-us/kb/3167679 and https://support.microsoft.com/en-us/help/22801/windows-7-and-windows-server-2008-r2-update-history for details).

So (as mentioned in the FAQs and in this thread --> http://forums.wsusoffline.net/viewtopic.php?f=4&t=5684) I created a file named ExcludeList.txt in the folder <wsus offline root>\client\exclude\custom containing the KBs to blacklist, one for each line. But after doing this, one of the updates (notably the KB3172605) is installed anyway.

Is there something that I have to do to be sure that those updates are not installed? I'm using WSUS Update Installer 10.8.

Thanks in advance for answering...

The KB3172605 is statically defined as a prerequisite, as it unfortunately contains the WU Client that cures the "extremely long update search" problem. Prerequisites and statically defined updates ignore ExcludeList.txt, that file is only for dynamically determined updates.

To completely exclude those updates, statically or not, use the file

Code: Select all

<wsus offline root>\exclude\custom\ExcludeListForce-All.txt

Enter your KB numbers there and re-run the Download run. The offending updates will be deleted from the repository and thus not installed later.

Thanks for the reply, in this way the exclusion worked.

But we had to revert because WSUS took effectively really long in calculating the updates (it has been hanging for about 18 hours...): so I emptied the file ExcludeListForce-All.txt and relaunched the generator. I expected the KB3172605 to be re-downloaded, but still there isn't in the repository (luckily I backupped the files before deleting them the first time...).

Update: the updates have been re-downloaded after i *deleted* the file ExcludeListForce-All.txt and relaunched the Update Generator.

You have to keep the file as long as you want the updates to be excluded.

aker wrote:You have to keep the file as long as you want the updates to be excluded.

I know, I wrote above that we had to revert the exclusion because even WSUS was taking too long...

We "solved" since we use WSUS in conjunction with WPKG (info here: https://wpkg.org/Heise_Offline-Update). We chose to keep only the "soft exclusion", so KB3172605 is installed anyway. With another WPKG command we then call a batch file (written by us) that uses wusa.exe to remove the offending updates, if they are present.

Probably this is not the "best practice", but in this way updates are installed with 3 reboots and less than 10 minutes per session...