Windows Home Server 2011 Updates

Re: Windows Home Server 2011 Updates

Postby aker » 18.04.2020, 21:34

Something before someone else reviews the log:
WHS2011 has a bug, which only lists Windows Updates up to 2018-05 regardless of what's needed on the server. The custom-build of wsusou fixes this using a static definition of the 2020-01 rollup. This means, that there will be messages about missing updates until the rollup has been applied using the static definition.

I reviewed both of the logs and saw these differences:
- I chose to Update WMF to 5.1, while lioninstreet didn't.
- My VM installed KB4056897, KB4074587 and KB4088878 (SecOnly updates 2018-01 to 2018-03), lioninstreet's device didn't. This is most likely caused by the fact, that I manually added the "QualityCompat"-RegKey in my usual w61 setup routine while lioninstreet didn't set the value. This shouldn't make any difference as these three updates are kind of superseded by the 2020-01 rollup.
- lioninstreet's device installed KB2973112 (.NET 3.5 security update from 2014-09; superseded by .NET SecOnly update from 2018-01) and KB3122648 (.NET 3.5 security update from 2016-01; superseded by .NET SecOnly update from 2018-01), while mine didn't. I assume, that this is caused by a the installation of WMF 5.1, the WHS2011 WU-bug or me setting the QualityCompat value. As the final run doesn't show any missing updates in both cases, I assume, that this behaviour can be ignored.

Questions left (answer in next post):
1) Include KB2775511?
2) Review of these updates:
Code: Select all
kb3124280   Security update for WebDAV: February 9, 2016
kb4014985   Security Only update for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates
kb4019108   Security Only update for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates
kb4041090   Security Only update for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7
kb4099637   Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates
kb4340004   Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2
kb4345679   Security Only updates for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2
kb4471981   Security Only updates for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2
kb4487121   Security Only updates for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2
kb4498961   Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
kb4507411   Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
kb4534976   Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
kb4535102   Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8

3) Hotfixes/Updates KB2781272, KB2934953 and KB2938782
If I missed something, please add.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
aker
 
Posts: 3665
Joined: 02.03.2011, 15:32

Re: Windows Home Server 2011 Updates

Postby aker » 18.04.2020, 21:43

aker wrote:1) Include KB2775511?
2) Review of these updates:
Code: Select all
[...]

3) Hotfixes/Updates KB2781272, KB2934953 and KB2938782


1) This is a hotfix for different problems. It wasn't and isn't offered per default by WU, so if you need it, I'd suggest to manually add it. I'll include the files in the image an will update it's integrity database, but will not add a static definition. If someone wants to enable the installation of this hotfix, add these lines at the beginning of .\static\custom\StaticUpdateIds-w61-x64.txt
Code: Select all
KB2775511
KB2732673
KB2728738
KB2601014
KB2878378


2)
kb3124280 -> All files included get updated by the 2020-01 rollup. I assume, that the chain of supersedances is broken. In my opnion this update is superseded.
SecOnly Updates for .NET -> get kind of superseded by the static definition of the 2020-01 cumulative rollup
kb4535102 -> Is a collection of .NET 3.5 and 4.x rollups. The updates included will be installed by wsusou using static lists (for KB4535102 you'll find these entries in the log "kb4532945" for .NET 3.5, "kb4532929" for 4.5.2, "kb4532932" for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2, "kb4532941" for .NET 4.8)

3)
I agree, that it makes sense to include these updates. I'll take a look at them and include them using a static definition.
Exception: KB2938782 is a .NET 4.5 / 4.5.1 update. I'll not include it as these versions are unsupported by MS (https://devblogs.microsoft.com/dotnet/support-ending-for-the-net-framework-4-4-5-and-4-5-1/). You'll have to update/upgrade to 4.5.2 or newer.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
aker
 
Posts: 3665
Joined: 02.03.2011, 15:32

Re: Windows Home Server 2011 Updates

Postby lioninstreet » 18.04.2020, 22:53

Reviewing your posts & will reply

Minor topic on GWX & potential telemetry. It looks like my install added additional updates of questionable background. I found the following in my log:

    KB3068708 Update for Windows Server 2008 R2 x64 Edition Update for customer experience diagnostic telemetry (superseded by KB3080149)
    KB3080149 Update for Windows Server 2008 R2 x64 Edition (purportedly relates to telemetry pathway)
    KB3118401 Allows Windows 10 dependent Universal Runtime apps to run on earlier versions of Windows. (this may be optional considering the use of the OS)
    KB4015546 Hardware check for CPU Platform for Windows 7 (looks like a GWX update)

Also in question is KB3138612 - (Not superceded) / Updated Update Client prevents high CPU useage (supposedly to be installed w/kb3145739). Some say this is Telemetry due to the limited info MS publishes about the "additional fixes" it provides... It shows installed on updates step 7 of 8.

The question becomes, is KB3138612 really needed considering Update Client isn't being used?
lioninstreet
 
Posts: 104
Joined: 21.06.2018, 00:06

Re: Windows Home Server 2011 Updates

Postby aker » 18.04.2020, 23:08

lioninstreet wrote:
    KB3068708 Update for Windows Server 2008 R2 x64 Edition Update for customer experience diagnostic telemetry (superseded by KB3080149)
    KB3080149 Update for Windows Server 2008 R2 x64 Edition (purportedly relates to telemetry pathway)
    KB3118401 Allows Windows 10 dependent Universal Runtime apps to run on earlier versions of Windows. (this may be optional considering the use of the OS)
    KB4015546 Hardware check for CPU Platform for Windows 7 (looks like a GWX update)


KB3068708 -> has been removed in my local build (not online yet)
KB3080149 -> has been removed in my local build (not online yet)
KB3118401 -> just adds the UWP C runtime to Windows 7; I wouldn’t call this update „telemetry“, they just backported a runtime.
KB4015546 -> 2017-04 SecOnly update; the CPU checks prevent Windows 7 to get updates, if running on KabyLake/Ryzen (Or newer) processors; no GWX inside, just „unpolite“ behaviour on Microsoft‘s side

Also in question is KB3138612 - (Not superceded) / Updated Update Client prevents high CPU useage (supposedly to be installed w/kb3145739). Some say this is Telemetry due to the limited info MS publishes about the "additional fixes" it provides... It shows installed on updates step 7 of 8.

The question becomes, is KB3138612 really needed considering Update Client isn't being used?

It‘s just a simple update for the Windows Update Agent.
The fixes of this update are included in all updates updating WUA released afterwards. I don‘t think, that this specific update is required because in my opinion, it should be superseded, but checks pending.
Actually wsusou uses WUA to determine the missing updates. That‘s why we introduced the „wupre“-updates, which update the servicing stack, WUA and other components before dynamically searching for updates.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
aker
 
Posts: 3665
Joined: 02.03.2011, 15:32

Re: Windows Home Server 2011 Updates

Postby lioninstreet » 20.04.2020, 04:30

aker wrote:
aker wrote:1) Include KB2775511?
2) Review of these updates:
Code: Select all
[...]

3) Hotfixes/Updates KB2781272, KB2934953 and KB2938782


1) This is a hotfix for different problems. It wasn't and isn't offered per default by WU, so if you need it, I'd suggest to manually add it. I'll include the files in the image an will update it's integrity database, but will not add a static definition. If someone wants to enable the installation of this hotfix, add these lines at the beginning of .\static\custom\StaticUpdateIds-w61-x64.txt
Code: Select all
KB2775511
KB2732673
KB2728738
KB2601014
KB2878378


First, thank you for taking this project as far as you have. It undoubtedly a lot of work and research to get it this far.

This Enterprise Hotfix Rollup is one of those updates that you don't know you need until you find that you need the functionality of a hotfix it contains. As MS pulled its entire hotfix catalog over a year ago and KB2775511 contains roughly 80 hotfixes, thanks for including it in the integrity database & detailing it and the required four post requisite updates needed after you install install.

Along with the above 5, there are an additional 4 post-requisite Hotfix updates for KB2775511. But these 4 are no longer available thru update catalog. Would you also be open to including them in the integrity database too if I sent them to you?

KB2921916 - "Untrusted publisher" dialog box appears when you install a driver
kb2601014-v2 - a post-requisite for the enterprise hotfix rollup - Samba Compatibility
KB2581608 - automatically applies a required registry entry not included in the enterprise hotfix rollup
KB2752259 - automatically applies a required registry entry not included in the enterprise hotfix rollup

aker wrote:2) kb3124280 -> All files included get updated by the 2020-01 rollup. I assume, that the chain of supersedances is broken. In my opnion this update is superseded.

Couple of observations: MS catalog link to package details show kb3124280 WebDAV update was not superseded. If the 2020-01 rollup contained it, would it be seen as installed in an installed update search after the rollup went in?

aker wrote:SecOnly Updates for .NET -> get kind of superseded by the static definition of the 2020-01 cumulative rollup

Since MS catalog shows these particular SecOnly .NET updates are not superseded, you think it's ok to assume they are in the 2020-01 .NET CR and not include them?

aker wrote:kb4535102 -> Is a collection of .NET 3.5 and 4.x rollups. The updates included will be installed by wsusou using static lists (for KB4535102 you'll find these entries in the log "kb4532945" for .NET 3.5, "kb4532929" for 4.5.2, "kb4532932" for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2, "kb4532941" for .NET 4.8)

My install shows the 2020-01 security and quality rollups kb4532945" for .NET 3.5 & kb4532941 for .NET 4.8 went in, but not kb4532929" for 4.5.2, "kb4532932" for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2. I think your saying your adding kb4532929" & "kb4532932", yes?

aker wrote:3) I agree, that it makes sense to include these updates. I'll take a look at them and include them using a static definition.
Exception: KB2938782 is a .NET 4.5 / 4.5.1 update. I'll not include it as these versions are unsupported by MS (https://devblogs.microsoft.com/dotnet/support-ending-for-the-net-framework-4-4-5-and-4-5-1/). You'll have to update/upgrade to 4.5.2 or newer.

Of course, that works no worries. Once to tool is closer to release I'll make sure that once the OS has been upgraded to 4.5.2 there isn't any client backup problems.

We discussed KB3125574 briefly before. Are you not including the 2016-04 Convenience Rollup & suggesting I do it on my side as a custom install because it wasn't and isn't offered per default by WU?

MS catalog shows it contains 124 updates for s2k8r2. If I run WU and install what it finds up to & including 2016-03 there are 241 updates installed. When I compare those to what is contained in the CR, I found there are an additional 77 updates in the 2016-03 CR that are not installed by WU. If it would be helpful I can go thru them line by line and see what has been superseded to see what it is really installing.

As an aside, you mentioned in your last post:
aker wrote:Something before someone else reviews the log:
WHS2011 has a bug, which only lists Windows Updates up to 2018-05 regardless of what's needed on the server.

If I remember correctly, I saw a similar issue with w7sp1 back in 2020-02. I have a spare terminal setup to do a fresh install of w7sp1 to verify if my memory is correct.
lioninstreet
 
Posts: 104
Joined: 21.06.2018, 00:06

Re: Windows Home Server 2011 Updates

Postby aker » 20.04.2020, 12:03

Along with the above 5, there are an additional 4 post-requisite Hotfix updates for KB2775511. But these 4 are no longer available thru update catalog. Would you also be open to including them in the integrity database too if I sent them to you?

KB2921916 - "Untrusted publisher" dialog box appears when you install a driver
kb2601014-v2 - a post-requisite for the enterprise hotfix rollup - Samba Compatibility
KB2581608 - automatically applies a required registry entry not included in the enterprise hotfix rollup
KB2752259 - automatically applies a required registry entry not included in the enterprise hotfix rollup

I'll take a look at them. Currently working on the UEFIHotfix (research results will follow below).

Couple of observations: MS catalog link to package details show kb3124280 WebDAV update was not superseded. If the 2020-01 rollup contained it, would it be seen as installed in an installed update search after the rollup went in?

No, but I can try to install it. I pretty sure, that it will tell me that it is not applicable.
[edit]It is superseded, it says, that it isn't applicable on an updated machine.[/edit]

Since MS catalog shows these particular SecOnly .NET updates are not superseded, you think it's ok to assume they are in the 2020-01 .NET CR and not include them?

The rollups do not supersed the SecOnly ones, but the rollups contain all fixes the SecOnly ones contain. It isn't required to install the SecOnly updates, if you installed the most recent cumulative rollup. (Bad declaration on MS' side)

My install shows the 2020-01 security and quality rollups kb4532945" for .NET 3.5 & kb4532941 for .NET 4.8 went in, but not kb4532929" for 4.5.2, "kb4532932" for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2. I think your saying your adding kb4532929" & "kb4532932", yes?

It behaves as it should. Your machine has .NET 3.5 and .NET 4.8 installed, which got updated. As wsusou updated .NET 4.x to version 4.8, there won't be any other 4.x version on your computer.
Even there are a lot versions of .NET, there are just 4 main instances of .NET, which can be installed on a computer:
- .NET 1.0
- .NET 1.1
- .NET 2.0 (includes 2.0, 3.0 and 3.5)
- .NET 4.x (includes 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8)
Only one version of these instances can be installed on your computer. There is not computer running .NET 4.5.2 and 4.8 at the same time; .NET 4.5.2 will be replaced by .NET 4.8.
If your device has 3.5 (as it's a component of Windows 7/Serevr 2008 R2) and 4.5.2, wsusou would install kb4532941 and kb4532929.

Of course, that works no worries. Once to tool is closer to release I'll make sure that once the OS has been upgraded to 4.5.2 there isn't any client backup problems.

I just checked the relations of all these updates. There are two "base situations":
a) WHS2011 UR4 without UEFIHotfix
b) WHS2011 UR4 with UEFIHotfix
This situation will be fine with all clients as long as the clients don't have KB2960358. Clients, which have KB2960358 or .NET 4.6 (or newer), will not sync with WHS2011. That's why MS released KB2934950/KB2934953.
In situation (a) the WHS2011 needs KB2934950 to be compatible with clients having KB2938782 or more recent .NET versions, in situation (b) the WHS2011 needs KB2934953.
To clarify: KB2960358 is a security update for .NET 3.5.1/4.0/4.5/4.5.1/4.5.2, which removes an encrytion algorithm (which has been removed in .NET 4.6 and newer, too). This causes problems with syncing. To fix this you'll have to install KB2934950 or KB2934953 on the WHS2011 to switch to a different algorithm still supported by the clients.
My decision would be to include KB2934950 and KB2934953 by a static defintion (install the correct one depending on if the UEFIHotfix has been applied).
I'll add the UEFIHotfix to the image and integrity database, but will not add a static definition as it's an "optional" update.

If I remember correctly, I saw a similar issue with w7sp1 back in 2020-02. I have a spare terminal setup to do a fresh install of w7sp1 to verify if my memory is correct.

My Windows 7 lists have been created in Jan 2020 and I didn't touch them afterwards (except for adding the wallpaper fix) afterwards.

----------------------------------------------------------------------------------------------------

My current TODO-list is the following:
1) [DONE] check KB3138612 and KB3124280 for supersendance
2) [DONE] recheck the list of additional updates (as I changed some static updates)
3) [DONE] add the UEFIHotfix to the image
4) [DONE] add some code to correctly install KB2934950/KB2934953
5) [DONE] check the additional updates, you listed in your previous post
6) [DONE] Convenience Rollup Fixes
Last edited by aker on 09.05.2020, 22:16, edited 1 time in total.
Reason: KB2938782 -> KB2960358; .NET 4.5.2 -> .NET 4.6
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
aker
 
Posts: 3665
Joined: 02.03.2011, 15:32

Re: Windows Home Server 2011 Updates

Postby lioninstreet » 20.04.2020, 15:16

aker wrote:
aker wrote:My install shows the 2020-01 security and quality rollups kb4532945" for .NET 3.5 & kb4532941 for .NET 4.8 went in, but not kb4532929" for 4.5.2, "kb4532932" for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2. I think your saying your adding kb4532929" & "kb4532932", yes?

It behaves as it should. Your machine has .NET 3.5 and .NET 4.8 installed, which got updated. As wsusou updated .NET 4.x to version 4.8, there won't be any other 4.x version on your computer.
Even there are a lot versions of .NET, there are just 4 main instances of .NET, which can be installed on a computer:
- .NET 1.0
- .NET 1.1
- .NET 3.5 (includes 2.0, 3.0 and 3.5)
- .NET 4.x (includes 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8)
Only one version of these instances can be installed on your computer. There is not computer running .NET 4.5.2 and 4.8 at the same time; .NET 4.5.2 will be replaced by .NET 4.8.
If your device has 3.5 (as it's a component of Windows 7/Serevr 2008 R2) and 4.5.2, wsusou would install kb4532941 and kb4532929.


Understood

aker wrote:I just checked the relations of all these updates. There are two "base situations":
a) WHS2011 UR4 without UEFIHotfix
b) WHS2011 UR4 with UEFIHotfix
This situation will be fine with all clients as long as the clients don't have KB2938782. Clients, which have KB2938782 or .NET 4.5.2 (or newer), will not sync with WHS2011. That's why MS released KB2934950/KB2934953.
In situation (a) the WHS2011 needs KB2934950 to be compatible with clients having KB2938782 or more recent .NET versions, in situation (b) the WHS2011 needs KB2934953.
To clarify: is a security update for .NET 4.5/4.5.1, which removes an encrytion algorithm (which has been removed in .NET 4.5.2 and newer, too). This causes problems with syncing. To fix this you'll have to install KB2934950 or KB2934953 on the WHS2011 to switch to a different algorithm still supported by the clients.
My decision would be to include KB2934950 and KB2934953 by a static defintion (install the correct one depending on if the UEFIHotfix has been applied).
I'll add the UEFIHotfix to the image and integrity database, but will not add a static definition as it's an "optional" update.


Did your install of KB2934953 also give you KB2934950 as mine did? At least both URL's were showing up for me after running wumgr.

And, maybe this is really a non-issue. Since the OS is out of support it seems to me the primary use of the update tool will be to bring current bare metal installs. So unless there is an add-in or some other third party software being installed that wont run on .NET4.8, the chance you would even need to allow for .NET 4.5/4.5.1 is negligible. Your thoughts?

Also, have you given any consideration to the use of the 2016-04 Convenience Rollup as a supplement to what is installed by WU?
lioninstreet
 
Posts: 104
Joined: 21.06.2018, 00:06

Re: Windows Home Server 2011 Updates

Postby aker » 20.04.2020, 16:00

Currently testing to update a fresh install of WHS 2011 with UR4 using the version of the WHS2011 mod, which can correctly handle KB2934950/KB2934953. I don‘t have results yet.

I won‘t include the convenience rollup in the image, but I‘m fixing the static lists to be able to handle systems, which have the convenience rollup. The changes required have been made, but not tested yet.

A full reinstallation of WHS2011 and updates take about 4-5 hours on my computer and I have to do this at least three times and review the logs. If there are bugs in my mods I‘ll have to find and fix them and then add another round of testing.
This will take some time...

Regarding .NET 4.5 and 4.5.1: In the case some Addins aren‘t compatible with .NET 4.8 I‘d update to 4.5.2, which gets updates and should be compatible with 4.5 and 4.5.1.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
aker
 
Posts: 3665
Joined: 02.03.2011, 15:32

Re: Windows Home Server 2011 Updates

Postby lioninstreet » 20.04.2020, 17:50

Great, thank you for the effort and your attention to detail. I'm setting up a clean install to have ready to work with once you're closer to finalizing the tool
lioninstreet
 
Posts: 104
Joined: 21.06.2018, 00:06

Re: Windows Home Server 2011 Updates

Postby aker » 21.04.2020, 10:17

First test results:
- the UEFIHotfix isn‘t detected by wsusou, I need to add an additional detection routine
- I missed some exclusions for the convenience rollup, currently checking, which ones are missing.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
aker
 
Posts: 3665
Joined: 02.03.2011, 15:32

PreviousNext

Return to Fehlende Updates / Missing updates

Who is online

Users browsing this forum: Google [Bot] and 6 guests