KlishBrian-5836 asked RitaHu-MSFT commented

client won't install newest 20H2 even though it says it needs it

I recently approved 20H2 in WSUS. I looked for the most recent to approve which was a December 3, 2020 release of En-US x64 Business Editions. Strangely, the newest version of the 20H2 update doesn't say anything supersedes it, but it also doesn't supersede anything even though I can see previous 20H2 versions in WSUS. The November 9, 2020 release says it supersedes a previous release and no update supersedes it. Not sure why the December 3 release didn't supersede it.

Most clients liked the December 3 version that I approved, but 1 client in my pilot group reported to WSUS saying it needed it, but would never find it and try to install it. As soon as I approved the November release the client happily started downloading it.

What's up with these 20H2 releases? Should I leave both versions approved? I have a Windows Update Log if anyone wants to see it, but it looks fine to me.

RitaHu-MSFT answered XinGuo-MSFT edited

Hi KlishBrian,

Thanks for your posting on Q&A.

"Should I leave both versions approved?"
No. There is no need to do that. As you mentioned above, the clients have downloaded the November released 20h2 feature updates. In my opinion, there is no essential difference between the feature updates released in October, November and December. The only difference is the cumulative updates included in the update package.

I found the following picture to share with you:
81092-5.png

We may need to install cumulative updates on the clients after upgrading to 20h2 successfully. Please try to install the latest cumulative update (KB5001649) to upgrade to the latest (19042.870).

Hope the above will be helpful.

Regards,
Rita


KlishBrian-5836 answered RitaHu-MSFT commented

@RitaHu-MSFT Thanks for your response.

"As you mentioned above, the clients have downloaded the November released 20h2 feature updates"

As I mentioned, most clients downloaded the December released 20H2. Only one client wouldn't. For that client I had to approve the November released 20H2 before it would download 20H2.

Maybe if I only approve the November release, that would work for all clients? I can't say for sure since I don't know why one client didn't like the December release.

Also, I still don't understand why the December release didn't supersede the November release.

"Maybe if I only approve the November release and that would work for all clients? I can't say for sure since I don't know why one client didn't like the December release."
In my opinion, whether the updates are to be downloaded and installed is decided by the Windows Update Agent. There are many reasons which lead to a failure to install the feature updates. Perhaps the client missed some essential updates or other reasons. Upgrading to Windows 10 20h2 and approving the latest cumulative updates for the clients will be OK.

"Also, I still don't understand why the December release didn't supersede the November release."
It is weird. In my environment, the December released feature updates did supersede the November released feature updates.
Here is related screenshot for your reference:
81335-19.png

Hope the above will be helpful. Thanks for your time.

KlishBrian-5836 answered

Definitely not what I'm seeing:

81527-dec.png

Additionally:

81612-nov.png

KlishBrian-5836 answered

And like I said above, I had approved the December update and that 1 pilot client did not find it when checking for updates. I had 3 machines in my pilot group. 2 of them grabbed the December update that was approved, but the 3rd client wouldn't. When it checked for updates it found nothing after nearly 2 weeks of it being approved. If the December release isn't liked by some clients then I'll need to decline it and just approve the November release. Either way both of them will still need the latest CU applied afterwards anyhow.

AJTek-Adam-J-Marshall answered

You should visit the "computers needing this update: 41" link you show in your screenshot. Yes, it's a LINK, even though it's not underlined. Then visit the report to see what systems claim they need that update. It's possible that the client system you have in the 1 target group that this update is approved to is NOT in NEED of this update.

Better yet, go to the computer report of the system that you want to upgrade, and click on the link for the needed updates. Then see what is not approved vs what is approved.
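
The update report and computer report described in this answer can also be read from the WSUS administration API, which puts supersedence flags, per-group approvals and one client's reported state side by side. The PowerShell below is an added example, not part of any post in this thread; it assumes it runs elevated on the WSUS server with the UpdateServices module available, and the computer name is a placeholder.

```powershell
# Added example. $ClientName is a placeholder (assumption), not a value from the thread.
$ClientName = 'PILOT-PC01.example.local'
$wsus = Get-WsusServer   # local WSUS server; also loads the administration assembly

# Every update in the Upgrades classification whose text mentions 20H2.
$scope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$scope.TextIncludes = '20H2'
$upgrades = $wsus.GetUpdates($scope) |
    Where-Object { $_.UpdateClassificationTitle -eq 'Upgrades' }

# 1) Server view: supersedence flags and the groups each release is approved for.
$titleById = @{}
$upgrades | Sort-Object CreationDate | ForEach-Object {
    $titleById[$_.Id.UpdateId] = $_.Title
    $approvals = $_.GetUpdateApprovals() | ForEach-Object {
        '{0}:{1}' -f $_.GetComputerTargetGroup().Name, $_.Action
    }
    [pscustomobject]@{
        Title         = $_.Title
        Released      = $_.CreationDate.ToString('yyyy-MM-dd')
        IsSuperseded  = $_.IsSuperseded          # a newer update replaces this one
        SupersedesAny = $_.HasSupersededUpdates  # this one replaces an older update
        IsDeclined    = $_.IsDeclined
        Approvals     = $approvals -join '; '
    }
} | Format-Table -AutoSize -Wrap

# 2) Client view: what this one computer reported for each of those releases,
#    and the approval that is effective for it through its group membership.
$client = $wsus.GetComputerTargetByName($ClientName)
'Groups: ' + (($client.GetComputerTargetGroups() | ForEach-Object Name) -join ', ')
'Last status report (UTC): ' + $client.LastReportedStatusTime

$client.GetUpdateInstallationInfoPerUpdate($scope) |
    Where-Object { $titleById.ContainsKey($_.UpdateId) -and
                   $_.UpdateInstallationState -ne 'NotApplicable' } |
    ForEach-Object {
        [pscustomobject]@{
            Title             = $titleById[$_.UpdateId]
            State             = $_.UpdateInstallationState
            EffectiveApproval = $_.UpdateApprovalAction
        }
    } | Format-Table -AutoSize -Wrap
```

A release that shows State NotInstalled with EffectiveApproval Install is needed and approved for that client, so the next place to look is the client's own Windows Update log.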

KlishBrian-5836 answered

@AJTek-Adam-J-Marshall as mentioned above, I did do that. The report said the client needed the December update that I had already approved, but when the client checked for updates it did not download/install it. That's why I tried approving the November update to see if it would grab that one. Strangely, it did. No clue why.

AJTek-Adam-J-Marshall answered

Did the client have the latest SSU installed? I could see that being a cause.

I'd verify you have the correct setup for the ESD MimeType
https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-3-windows-as-a-service-waas-and-group-policy-administrative-templates/

If your WSUS server is on 2016+, I've seen the requirement to change it to the application/octet-stream even though it comes with the application/vnd.ms-cab-compressed.

KlishBrian-5836 answered

@AJTek-Adam-J-Marshall

Yes, I believe the latest SSU was installed on the client. Since SSUs are classified as Security updates I have them set to approve automatically on my client group. The machine saw no updates available before installing 20H2 so I would assume it had the latest SSU. I'm trying to contact the end user so I can remote to their machine to confirm their update history. Was going to try getting this via remote PowerShell, but it's not working over the VPN and the user is working remotely from home.

ESD MimeType was set up correctly (by following your site instructions if I recall correctly). Prior to setting up the ESD MimeType the December release of 20H2 also would not be detected by the pilot clients. This is my first time using WSUS to deploy new Windows builds so I just didn't need it set up before now.

I'm currently on Server 2012 R2 for my WSUS server.

AJTek-Adam-J-Marshall answered

It's possible the upgrades classification has an issue on your install. If you have a license for WAM, you can run

.\Clean-WSUS.ps1 -DirtyDatabaseCheck

If you don't, uncheck the Upgrades category, sync with Microsoft, run the Server Cleanup Wizard (SCW), go back and check the Upgrades category, and sync with Microsoft.

Approve the upgrade that is 'needed' by the clients (after a time period as now all the upgrades are new, you'll have to wait until some check in).

KlishBrian-5836 answered

I don't have a WAM license so I followed your instructions step by step. For some reason the final sync did not find any new updates. It appears that the SCW did not remove them because I can see upgrades in WSUS console still. Should I have unapproved them before running SCW?
