Page 1 of 1

[Solved/Fix Available] Some update issues

PostPosted: 18.10.2017, 23:32
by random
Hi,

I've run across two update issues when updating a fresh install of 64-bit Windows 7 SP1. On x86 platform I haven't had such problems.

The first problem is with update KB4040973, which is asked to be installed over and over. That is, it doesn't get counted as installed. I ran the provided script ListInstalledUpdateIds.vbs and it confirmed that. Tried uninstalling and installing the update manually, but to no avail.


The other update KB2631813 is listed as superseded even though it's later asked to be installed. I ended up adding it as a custom static update and that solved the problem. So, should this update be considered superseded?


PS: Thank you Torsten for reactivating my account.


Thanks.

random

Re: Some update issues

PostPosted: 19.10.2017, 13:42
by hbuhrmester
I think, that kb2631813 was superseded by the full quality update rollup for October 2016 or November 2016.

At one point, I could automatically download this update, using a complicated method to calculate superseded updates: it was meant to recover superseded updates, if the superseding update is omitted from download. Then the update kb2631813 for w61-x64 was actually downloaded.


But most of these calculations are not necessary anymore: In November 2016, the full quality update rollup superseded the security-only update rollup. This meant, that the security-only updates were not downloaded, even if the full quality update rollups were excluded from download.

This caused problems with WSUS Offline Update, and the "new method for calculating superseded updates" was meant to handle this. But it also caused problems with Microsoft's own tools, and then it was reverted the very next month, in December 2016:

More on Windows 7 and Windows 8.1 servicing changes

UPDATE: 12/5/2016: In November 2016, the Security Monthly Quality Rollups were released as superseding the Security Only Quality updates. This resulted in an impact to customers deploying the Security Only Quality updates, using tools that cannot easily deploy superseded updates, such as System Center Configuration Manager 2007. Based on customer feedback, this supersedence has been changed in December 2016. Please review the updates below if this impacts your deployment scenarios.
(...)

UPDATED 12/5/2016: Starting in December 2016, monthly rollups will not supersede security only updates. The November 2016 monthly rollup will also be updated to not supersede security only updates. Installing the latest monthly rollup will ensure the PC is compliant for all security updates released in the new servicing model."

https://blogs.technet.microsoft.com/win ... g-changes/


Now the problem rather is, that by default, both "quality" and "security-only" updates are downloaded. This is not a major problem, but maybe we could just save some space.

Remaining issues can be solved by adding the updates to the configuration files were necessary: I would suggest to add "windows6.1-kb2631813-x64" to the file wsusoffline/exclude/ExcludeList-superseded-exclude.txt or to the custom counterpart wsusoffline/exclude/custom/ExcludeList-superseded-exclude.txt .



The update kb4040973 is the September 2017 Security and Quality Rollup for .NET Frameworks. The reference can be found in all these files:

Code: Select all
wsusoffline/client/static/StaticUpdateIds-w60-x86.txt
wsusoffline/client/static/StaticUpdateIds-w60-x64.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-393297.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-394271.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-394806.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-460805.txt


These updates are only necessary, if you installed one of the .NET Frameworks manually. The bundled or pre-installed .NET Framework for Windows 7 is updated with the regular Windows 7 updates.

The best check, which updates are actually missing, would be a test with the Microsoft Baseline Security Analyzer (MBSA). It uses the same WSUS catalog file wsusscn2.cab and can work completely offline, just like WSUS Offline Update.

Re: Some update issues

PostPosted: 28.10.2017, 04:40
by random
Hi,

hbuhrmester wrote:The update kb4040973 is the September 2017 Security and Quality Rollup for .NET Frameworks. The reference can be found in all these files:

Code: Select all
wsusoffline/client/static/StaticUpdateIds-w60-x86.txt
wsusoffline/client/static/StaticUpdateIds-w60-x64.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-393297.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-394271.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-394806.txt
wsusoffline/client/static/StaticUpdateIds-w61-dotnet4-460805.txt


These updates are only necessary, if you installed one of the .NET Frameworks manually. The bundled or pre-installed .NET Framework for Windows 7 is updated with the regular Windows 7 updates.

The best check, which updates are actually missing, would be a test with the Microsoft Baseline Security Analyzer (MBSA). It uses the same WSUS catalog file wsusscn2.cab and can work completely offline, just like WSUS Offline Update.



First off, thank you for your reply.

Yes, I install the .NET Framework 4.7 manually, but the update kb4040973* keeps installing indefinitely as I said before. That's the issue. Please, take a look at the log:

* ndp46-kb4040973-x64_5da041181051d83e3aad0950ef4b5c7db58520f7.exe

Determining Windows Defender definition file version...
Checking Windows Update scan prerequisites...
Adjusting service 'Windows Update'...
Starting service 'Windows Update' (wuauserv)...
Waiting for service 'wuauserv' to reach state 'Running' (timeout: 60s)...
Verifying integrity of Windows Update catalog file...
hashdeep64.exe: Audit passed
23:13:53,02 - Listing ids of missing updates (please be patient, this will take a while)...
23:18:20,86 - Done.
Listing ids of installed updates...
Listing update files...
Info: Skipping update kb890830 (Malicious Software Removal Tool) due to matching
black list entry.
Stopping service 'Windows Update' (wuauserv)...
Waiting for service 'wuauserv' to reach state 'Stopped' (timeout: 180s)...
Installing updates...
23:18:58,27 - Installing update 1 of 1 (stage size: 80)...
Verifying integrity of ..\dotnet\x64-glb\ndp46-kb4040973-x64_5da041181051d83e3aad0950ef4b5c7db58520f7.exe...
hashdeep64.exe: Audit passed
Installing ..\dotnet\x64-glb\ndp46-kb4040973-x64_5da041181051d83e3aad0950ef4b5c7db58520f7.exe...
Checking Microsoft Security Essentials installation state...
Restoring screensaver setting...
Activating previous power scheme...
Deleting temporary power scheme...

Installation successful. Please reboot your system now.


Ending WSUS Offline Update at 23:22:26,37...


If I run the WSUS Offline Update again, it will repeat the same installation.

From catalog.update:

2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4041083)
windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu
ndp46-kb4040973-x64_5da041181051d83e3aad0950ef4b5c7db58520f7.exe
windows6.1-kb4040980-x64_83282fb5210091802984ead0d4175879056d602c.msu
ndp45-kb4040977-x64_adee32f77a471cf5c45509261546d68efc4181bd.exe


I ran the MBSA and it didn't report any missing updates (of course, with the exception of the Malicious Software Removal...)

Image

It is as if the update kb4040973 was not detected as part of the update KB4041083 and then gets installed again. Note that this problem doesn't occur on 32-bit Windows.


Any tips?


Thanks.

Re: Some update issues

PostPosted: 29.10.2017, 18:56
by random
OK, I found out what the problem is.

The problem is that the DisplayName value of the update kb4040973 is being written* to the Wow6432Node registry key and such a key cannot be accessed by the ListInstalledUpdateIds.vbs script. So I included a Wow6432Node key:

* Probably because the 32-bit installer.


ListInstalledUpdateIds.vbs
Code: Select all
' *** Author: T. Wittrock, Kiel ***

Option Explicit

Private Const HKEY_LOCAL_MACHINE       = &H80000002
Private Const strRegKeyUninstall       = "Software\Microsoft\Windows\CurrentVersion\Uninstall"
Private Const strRegKeyUninstallWOW64  = "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
Private Const strRegValDisplayName     = "DisplayName"

Private Const strIdStartToken       = "("
Private Const strIdKBToken          = "KB"
Private Const strIdEndToken         = ")"

Dim wshShell, objFileSystem, objWMIService, objQuickFix, objIDFile, arraySubKeys
Dim strTempFolder, strIdFileName, strId, strSubKey, posStartToken, posEndToken

On Error Resume Next
Set wshShell = WScript.CreateObject("WScript.Shell")
strTempFolder = wshShell.ExpandEnvironmentStrings("%TEMP%")
strIdFileName = strTempFolder & "\InstalledUpdateIds.txt"
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objIDFile = objFileSystem.CreateTextFile(strIdFileName, True)

' List OS patches
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
For Each objQuickFix in objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering")
  posStartToken = InStr(1, objQuickFix.HotFixID, strIdKBToken, vbTextCompare)
  If posStartToken > 0 Then
    objIDFile.WriteLine(Right(objQuickFix.HotFixID, Len(objQuickFix.HotFixID) - (posStartToken + Len(strIdKBToken) - 1)))
  Else
    objIDFile.WriteLine(objQuickFix.HotFixID)
  End If
Next

' List other patches
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
objWMIService.EnumKey HKEY_LOCAL_MACHINE, strRegKeyUninstall, arraySubKeys
For Each strSubKey In arraySubKeys
   objWMIService.GetStringValue HKEY_LOCAL_MACHINE, strRegKeyUninstall & "\" & strSubKey, strRegValDisplayName, strId
  If IsNull(strId) Or (strId = "") Then
    strId = strSubKey
  End If
  posStartToken = InStr(1, strId, strIdStartToken & strIdKBToken, vbTextCompare)
  If posStartToken > 0 Then
    posEndToken = InStr(posStartToken, strId, strIdEndToken, vbTextCompare)
    If posEndToken > 0 Then
      objIDFile.WriteLine(Mid(strId, posStartToken + Len(strIdStartToken & strIdKBToken), posEndToken - (posStartToken + Len(strIdStartToken & strIdKBToken))))
    End If
  End If
Next

' List other patches from Wow6432Node
objWMIService.EnumKey HKEY_LOCAL_MACHINE, strRegKeyUninstallWOW64, arraySubKeys
For Each strSubKey In arraySubKeys
   objWMIService.GetStringValue HKEY_LOCAL_MACHINE, strRegKeyUninstallWOW64 & "\" & strSubKey, strRegValDisplayName, strId
  If IsNull(strId) Or (strId = "") Then
    strId = strSubKey
  End If
  posStartToken = InStr(1, strId, strIdStartToken & strIdKBToken, vbTextCompare)
  If posStartToken > 0 Then
    posEndToken = InStr(posStartToken, strId, strIdEndToken, vbTextCompare)
    If posEndToken > 0 Then
      objIDFile.WriteLine(Mid(strId, posStartToken + Len(strIdStartToken & strIdKBToken), posEndToken - (posStartToken + Len(strIdStartToken & strIdKBToken))))
    End If
  End If
Next

objIDFile.Close
' Delete id file if it does not contain valid data
Set objIDFile = objFileSystem.GetFile(strIdFileName)
If objIDFile.Size <= 2 Then
  objIDFile.Delete
End If
WScript.Quit(0)


Since we have the statement On Error Resume Next in the code, then I think there's no need to check if it's a 64-bit or 32-bit OS.

I tested the above script and it's working fine on both 32- or 64-bit Windows 7.

I consider the problem solved.


random

Re: Some update issues

PostPosted: 06.11.2017, 01:22
by blackhawk387
random wrote:OK, I found out what the problem is.

The problem is that the DisplayName value of the update kb4040973 is being written* to the Wow6432Node registry key and such a key cannot be accessed by the ListInstalledUpdateIds.vbs script. So I included a Wow6432Node key:

* Probably because the 32-bit installer.


ListInstalledUpdateIds.vbs
Code: Select all
' *** Author: T. Wittrock, Kiel ***

Option Explicit

Private Const HKEY_LOCAL_MACHINE       = &H80000002
Private Const strRegKeyUninstall       = "Software\Microsoft\Windows\CurrentVersion\Uninstall"
Private Const strRegKeyUninstallWOW64  = "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
Private Const strRegValDisplayName     = "DisplayName"

Private Const strIdStartToken       = "("
Private Const strIdKBToken          = "KB"
Private Const strIdEndToken         = ")"

Dim wshShell, objFileSystem, objWMIService, objQuickFix, objIDFile, arraySubKeys
Dim strTempFolder, strIdFileName, strId, strSubKey, posStartToken, posEndToken

On Error Resume Next
Set wshShell = WScript.CreateObject("WScript.Shell")
strTempFolder = wshShell.ExpandEnvironmentStrings("%TEMP%")
strIdFileName = strTempFolder & "\InstalledUpdateIds.txt"
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objIDFile = objFileSystem.CreateTextFile(strIdFileName, True)

' List OS patches
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
For Each objQuickFix in objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering")
  posStartToken = InStr(1, objQuickFix.HotFixID, strIdKBToken, vbTextCompare)
  If posStartToken > 0 Then
    objIDFile.WriteLine(Right(objQuickFix.HotFixID, Len(objQuickFix.HotFixID) - (posStartToken + Len(strIdKBToken) - 1)))
  Else
    objIDFile.WriteLine(objQuickFix.HotFixID)
  End If
Next

' List other patches
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
objWMIService.EnumKey HKEY_LOCAL_MACHINE, strRegKeyUninstall, arraySubKeys
For Each strSubKey In arraySubKeys
   objWMIService.GetStringValue HKEY_LOCAL_MACHINE, strRegKeyUninstall & "\" & strSubKey, strRegValDisplayName, strId
  If IsNull(strId) Or (strId = "") Then
    strId = strSubKey
  End If
  posStartToken = InStr(1, strId, strIdStartToken & strIdKBToken, vbTextCompare)
  If posStartToken > 0 Then
    posEndToken = InStr(posStartToken, strId, strIdEndToken, vbTextCompare)
    If posEndToken > 0 Then
      objIDFile.WriteLine(Mid(strId, posStartToken + Len(strIdStartToken & strIdKBToken), posEndToken - (posStartToken + Len(strIdStartToken & strIdKBToken))))
    End If
  End If
Next

' List other patches from Wow6432Node
objWMIService.EnumKey HKEY_LOCAL_MACHINE, strRegKeyUninstallWOW64, arraySubKeys
For Each strSubKey In arraySubKeys
   objWMIService.GetStringValue HKEY_LOCAL_MACHINE, strRegKeyUninstallWOW64 & "\" & strSubKey, strRegValDisplayName, strId
  If IsNull(strId) Or (strId = "") Then
    strId = strSubKey
  End If
  posStartToken = InStr(1, strId, strIdStartToken & strIdKBToken, vbTextCompare)
  If posStartToken > 0 Then
    posEndToken = InStr(posStartToken, strId, strIdEndToken, vbTextCompare)
    If posEndToken > 0 Then
      objIDFile.WriteLine(Mid(strId, posStartToken + Len(strIdStartToken & strIdKBToken), posEndToken - (posStartToken + Len(strIdStartToken & strIdKBToken))))
    End If
  End If
Next

objIDFile.Close
' Delete id file if it does not contain valid data
Set objIDFile = objFileSystem.GetFile(strIdFileName)
If objIDFile.Size <= 2 Then
  objIDFile.Delete
End If
WScript.Quit(0)


Since we have the statement On Error Resume Next in the code, then I think there's no need to check if it's a 64-bit or 32-bit OS.

I tested the above script and it's working fine on both 32- or 64-bit Windows 7.

I consider the problem solved.


random


Thank you! I was having the same problem, and your fix worked flawlessly, thanks! I hope that this fix will be added in the next version of WSUS Offline.

Re: [Solved/Fix Available] Some update issues

PostPosted: 11.11.2017, 20:04
by Docfxit
I am having the same problem with the same KB4040973.

I have installed ndp46-kb4040973-x64_5da041181051d83e3aad0950ef4b5c7db58520f7.exe
manually. It did say it was installed successful.
I ran WSUS. It tried to install it again.
I ran the VBS above. I didn't see any output. I ran WSUS. It tried to install it again.

I can't get WSUS to recognize that this KB is installed.

I have another thread on this issue at:
viewtopic.php?f=4&t=7160

Thanks,

Docfxit

Re: [Solved/Fix Available] Some update issues

PostPosted: 11.11.2017, 23:22
by random
Docfxit,

You should replace your original "ListInstalledUpdateIds.vbs" file located under "wsusoffline\client\cmd" with the one above and rerun WSUS.



random

Re: [Solved/Fix Available] Some update issues

PostPosted: 12.12.2017, 15:36
by WSUSUpdateAdmin
Hi!

:arrow: http://trac.wsusoffline.net/browser/trunk (r907): '- Fix: ListInstalledUpdateIds.vbs script didn't list patches from Wow6432Node (Thanks to "random")'

Sorry for delay! :(

Thanks & regards,
Torsten

Re: [Solved/Fix Available] Some update issues

PostPosted: 21.12.2017, 17:10
by SecurityGuy
I work for a department where security is of utmost concern; our systems are not connected to the Internet which is why we use (and love) the wsusoffline update process.

The updated .vbs file resolves our issue where KB4040973 keeps the update process in an endless update-and-reboot loop. When can we anticipate this updated script to be included with the packaged download? There is a *great* deal of red tape that we must go through to make any sort of modifications to what is deemed "COTS" so the inclusion of this new script would help us out tremendously! :)

Many thanks in advance.

Re: [Solved/Fix Available] Some update issues

PostPosted: 21.12.2017, 17:21
by SecurityGuy
Please disregard my previous post as I inadvertently reviewed an older wsusoffline package after downloading version 11.1. I see this file has been updated - thank you!!!!!