Jump to content

WSUS on Windows Server 2012 R2 appears to be badly broken


Karlston

Recommended Posts

Windows Update server won't synchronize and is throwing errors 7032 and 7053 when trying to connect

WSUS 2012 R2 admins may face a difficult day ahead if a report from Cliff Hogan, posted this morning on AskWoody.com, is any indication.

 

Hogan reports:

What a mess!!! Microsoft Update upstream for WSUS was down for about 12 hours for Windows 2012 R2 version. It was OK for Windows 2008 R2 and Windows Server 2016 Technology Preview 5. This is more than likely related to the failed patch last month KB3148812 which has now been pulled.

The problem is the "new" WSUS distribution method that was supposed to take effect on May 1. Microsoft had warned about it, tried to put manual procedures in place to fix it, and ultimately pulled the bad patch, as I described two weeks ago.

 

Right now, Microsoft's most recent update to its What you need to know about KB3148812, Part Two Technet post says:

 

This update contains critical functionality that needs to be in place before the Anniversary Update, but it does not need to be installed this week (e.g., there is no security fix that patches a known vulnerability).  Therefore, here are our recommendations: Until further notice, if you have not already installed this update, do not install KB3148812…

 

We have identified the root cause for the issue and are currently testing a fix.  We've gotten a good number of positive results from those that offered to test the package, and are working out some corner case scenarios with the few that had issues.

It looks like the root cause has come home to roost. WSUS on Server 2012 R2 appears to be badly broken.

 

I'm starting to see reports in Europe this morning that say WSUS 2012 R2 is throwing errors 7032 and 7053 when trying to connect to the WSUS server.

 

Hogan (who's tackling these problems in Australia) says:

While failing syncing, it still synchronised 10 Office Updates this morning. I am wondering if it fails on that new functionality only or it is just an outage at Microsoft or a last minute try to block some updates. It works for individual computers though.

 

It is likely that Windows Server 2008 R2 is not aware of the new configuration while Windows 2016 TP5 supports it natively.

It looks like the WSUS 2012 R2 Titanic just crashed into the new ESD-encrypted update stream iceberg. Microsoft really needs to get its patching act together. If it can't get KB 3148812 to work, there should be an alternative. Now.

 

Give your admin a smile this morning. They may be in for a hellacious day.

 

Source: WSUS on Windows Server 2012 R2 appears to be badly broken

 

(InfoWorld - Woody Leonhard)

Link to comment
Share on other sites


  • Replies 2
  • Views 1k
  • Created
  • Last Reply
vibranium
Quote

 

This update contains critical functionality that needs to be in place before the Anniversary Update, but it does not need to be installed this week (e.g., there is no security fix that patches a known vulnerability).  Therefore, here are our recommendations: Until further notice, if you have not already installed this update, do not install KB3148812.

 

 

Gee whiz. The emperor has no clothes.

 

Link to comment
Share on other sites


An update from our friend Woody...

Microsoft tries again with a faulty WSUS patch, but more work will be required of users to fix the problems caused by its predecessor

If you’re using Windows Server Update Services (WSUS) on Server 2012 R2, you’ve gone through a tough month. On April 19, Microsoft released KB 3148812, a patch that was supposed to make your version of WSUS compatible with the new Electronic Software Distribution (ESD)-encrypted patches rolling out starting May 1. Unfortunately, the patch threw errors, froze machines, and generally caused so much mayhem that Microsoft tried to document workarounds before finally pulling it.

 

On April 20, Microsoft announced it had “identified the root cause, and the good news is that this is not an issue of code quality. The package is good as is, but it requires some additional manual steps to be taken afterward in order to realign the moving parts of the system.” Two TechNet posts each tried to explain how to apply fixes after the patch was installed. Neither worked.

 

Now, finally, we have a new blog post with a new patch KB 3159706. The documentation says this version will work:

Windows 10 feature updates (denoted by the “Upgrades” classification in WSUS) are staged in encrypted packages to Windows Update several days prior to the actual go-live date.  This is to ensure that we can release to all regions simultaneously.  The Windows 10 client has been able to decrypt these packages since RTM; however, WSUS was not able to do this.  Until now, we have been manually decrypting these packages prior to releasing to the WSUS channel, the process of which is both time consuming and error prone.  KB3159706 introduces this functionality to WSUS for Windows Server 2012/R2, such that it can now natively decrypt this content.  Skipping this KB means not being able to distribute the Windows 10 Anniversary Update, or any subsequent feature update, via these platforms.  Note that Windows Server 2016 will have this functionality at RTM.

It goes on to say you don’t have to uninstall KB 3148812 before you install this patch:

Both these updates modify the same files as KB3159706; since the latter is newer, it will simply replace the binaries. You can remove KB3148812 (if you don’t recognize this KB, then no action is needed), but it is not necessary

Note: After you install the patch, you have to go into WSUS and run through a complex series of manual steps, documented in the KB article, to get it to work.

 

If you have a problem with it, I suggest you post a response on the TechNet article.

 

Source: Microsoft replaces WSUS patch KB 3148812 with KB 3159706

 

(InfoWorld - Woody Leonhard)

 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...