MS - you're killing me. WSUS issues
-
I'm sure several of you by now have seen that there are major issues with WSUS and Windows 10 Anniversary update (1607).
What's worse, sometime between the RTM of 1607 and kb3193494 MS broke the client side of the Windows Update Service. If your's is broken, the only way to fix it is to manually (or a third party utility like PDQ Deploy or SCCM) deploy kb3193494. But there are cases where installing kb3193494 comes to late. In those cases, currently the only solution is the wipe and reload the machine.
I'm thinking about wiping out my WSUS server and starting from scratch and making a How-To for WSUS on 2012 R2.
-
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
-
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
-
Yes, my main issue tho is Windows 10 computers not respecting install time window, and installing updates in the middle of the days instead of Friday night. Oh and the neverending checking for updates on Windows 7
-
OK I just installed kb3193494 and my problems have gone away, and my machine checked in with WSUS for the remaining updates I needed (and another reboot).
From what I can tell, MS possibly released a bad patch in kb3189866 and replaced it with kb3193494. Both of these cumulative updates take you to version 14393.187.
-
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
-
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
-
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
VSS?
-
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
Huh? Doesn't MS's dynamic disks or whatever that crap is called do snapshots?
I'm talking about snapshots on the physical machine.
-
@scottalanmiller said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
VSS?
Interesting - I suppose you could kick off a system restore point every time you do updates, which is practically daily now with MS. Then if it's broken, you could roll back. Still talk about a huge hassle. I don't know if it's possible to roll a system back remotely (I mean via scripting, etc)
-
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
Huh? Doesn't MS's dynamic disks or whatever that crap is called do snapshots?
I'm talking about snapshots on the physical machine.
Not that I know of. As Scott said, there is VSS, which on the client side is mainly around your My Documents directory. But then there is System Restore Points. But that's still a pretty huge hassle compared to what you do on a server.
-
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
Huh? Doesn't MS's dynamic disks or whatever that crap is called do snapshots?
I'm talking about snapshots on the physical machine.
Yes, it's from the VSS subsystem. Introduced around 2003.
-
@Dashrender said in MS - you're killing me. WSUS issues:
@scottalanmiller said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
VSS?
Interesting - I suppose you could kick off a system restore point every time you do updates, which is practically daily now with MS. Then if it's broken, you could roll back. Still talk about a huge hassle. I don't know if it's possible to roll a system back remotely (I mean via scripting, etc)
That's been their recommended process for over a decade now
-
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
Huh? Doesn't MS's dynamic disks or whatever that crap is called do snapshots?
I'm talking about snapshots on the physical machine.
Does Windows Server have a built in Snap Shot ability not considering Hyper-V (or any hypervisor)?
-
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
Huh? Doesn't MS's dynamic disks or whatever that crap is called do snapshots?
I'm talking about snapshots on the physical machine.
Not that I know of. As Scott said, there is VSS, which on the client side is mainly around your My Documents directory. But then there is System Restore Points. But that's still a pretty huge hassle compared to what you do on a server.
VSS isn't around anything specific. It's the LVM snapshot mechanism.
-
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
@Dashrender said in MS - you're killing me. WSUS issues:
@stacksofplates said in MS - you're killing me. WSUS issues:
Can't you do snapshots on them before you update so you don't have to do a full reinstall?
On the PCs?
The full reinstall has to be done on the Windows 10 clients.
Right. I snapshot our root partitions before I update. That way if something is borked I can just merge the snapshot and reboot the workstation.
I don't run VDI, so I don't have a snapshot mechanism. Sure I could run clonezilla or Veeam EndPoint Protection, but on 110 devices, before deploying updates? yeah I think not.
Huh? Doesn't MS's dynamic disks or whatever that crap is called do snapshots?
I'm talking about snapshots on the physical machine.
Does Windows Server have a built in Snap Shot ability not considering Hyper-V (or any hypervisor)?
VSS. Same one as in Windows Desktop. Started with Server 2003, I believe. 2000 did not have it and the Linux community continuously mocked Windows Admins for living in the dark ages.
-
OK - feel free to enlighten me then.
How would you engage VSS on a workstation before installing updates?
-
But that's still a pretty huge hassle compared to what you do on a server.
Oh I just run a playbook with Ansible and it merges it back in and reboots the machines.
-
I took a look in System Properties > System Protection > System Restore (Button) and found several points I could roll back to.
https://i.imgur.com/Ig2mDA1.pngI suppose it's worth a try. If I find myself with a bricked install (I only have 4 1607 installs currently) I'll try this.
-
There you go, that's how VSS is supposed to work. Get one taken right before patching and another right after. Then you have lots of options.