Forum Widgets
Latest Discussions
Why have all Microsoft download links for wushowhide.diagcab been broken for many months?
This important Windows Update troubleshooter is the recommended solution in many Windows support articles, but for some hidden reason Microsoft have made it impossible to obtain.SolvedBruceRobertsJun 17, 2021Steel Contributor336KViews1like22CommentsNested groups and Azure AD
Our business with a single forest is doing the two nested group method for everything. I have heard in discussions that in the Azure world this is no longer recommended practice and really only applied to multi domain worlds in the first place. Is there any documentation on guidance and recommendations on not using nested groups?FuzzyWazHeFeb 17, 2022Copper Contributor96KViews1like4CommentsWrong keyboard layout at login screen
Today we had high amount of service desk calls about users cannot login to their device due to "wrong" password. It turned out that UK keybaord layout has been set somehow and cannot be switched to something else while the users themsleves have en-US layout "inside" the OS which is en-US as well. Before Logon; en-UK After Logon; en-US That cause some trouble with special characters in the password. The only thing we've seen is that March cumulative update KB5011487 and Update for 21H1 KB4023057 have been installed the day before. Just taking the opportunity to ask here if something knownOlaf_ThyssenMar 17, 2022Brass Contributor71KViews3likes19CommentsJanuary 2022 Quality Update Breaks VPN Connections
A couple forum posts: Re: Client VPN Error After January Windows Updates - The Meraki Community KB5009543 - January 11, 2022 Breaks L2TP VPN Connections : sysadmin (reddit.com) These clearly outline the issue with the latest updates breaking VPN connectivity for many Meraki VPN systems (and perhaps others). Rolling back the update resolves the issue. A couple questions for the Windows update team: 1. Any idea when Microsoft will be able to review, confirm and correct this issue? 2. If Microsoft were to release a fix for this part way through the month, how would you typically recommend this get deployed? Windows update for Business doesn't allow us to control/deploy anything other than the Feature and Quality updates. Is the recommendation to just remain unpatched until the February Quality update catches things up and presumably includes a fix for the VPN issue?SolvedBrianG-PPNJan 12, 2022Brass Contributor57KViews9likes31CommentsWindows update error code 0x8024401f
At my company there are multiple computers if not all of them that report error code 0x8024401f when trying to update windows and I can't find a solution anywhere. For example I did a clean install of windows 10 pro on a brand new Dell latitude 7080 laptop and I was able to update windows through windows update until it said that my computer was up to date. Then I installed Office 365, teamviewer and Trend Micro. Couple of days later I tried to check for update in windows update which resulted in this error. Any ideas? Regards Hilmir GDeletedSep 06, 201749KViews0likes2CommentsConfused about Semi-Annual Channel (Pilot) and Semi-Annual Channel (Broad) Timing
So the pilot comes on on a March and September timing. So the first will be 1709. So right now the latest CB is 1703. Does it become the last CBB or the first Semi-Annual Channel (Broad)? Is the approximately four months between the release of a Semi-Annual Branch (Pilot) and the Semi-Annual Branch Channel (Broad)? Or are Semi-Annual Channel (Pilots) promoted to Semi-Annual Channel (Broads) on six month boundaries too? On the 18 months support? Is that measured against both channels or the first (Pilot)? As you throttle release (based on hardware), does 18 months come from the date first released for first hardware platform, or when available to all platforms? ThanksMichael_CherryMay 04, 2017Brass Contributor30KViews5likes14CommentsFAQ: WSUS and Unified Update Platform (UUP) on premises
Unified Update Platform (UUP) on-premises servicing is almost here! If you're a Windows Server Update Services (WSUS) user, we are sure you have some questions. We hope that you find this FAQ useful, and we will update it periodically. If you have a question not represented here, please leave a comment below. What versions of WSUS are supported to receive UUP-style updates? Windows Server 2012 and later versions of WSUS are able to get UUP-style updates. Please consider moving to a supported version if yours is not. How do I make sure I have the correct MIME type configuration? In order for UUP on premises to work with your current WSUS infrastructure, you need a specific MIME type configuration. Installing the update for KB5022286 (for Windows Server 2019) and KB5022291 (for Windows Server 2022) will automatically add support for .wim and .msu file types, which are required with UUP updates. If your WSUS server already had these configured elsewhere, you will see the following failure message: Cannot add duplicate collection entry of type 'mimeMap' with unique key attribute 'fileExtension' set to '.wim'. To work around this issue, you can use one of the following two solutions. Locate the .config file that is adding the MIME type and add the <remove fileExtension=".wim" /> line above it to remove the MIME type registered higher up in the hierarchy. The remove should be fine even if .wim MIME type does not exist at a higher level. The other workaround is to remove the conflicting MIME type from the higher level (i.e., remove .wim from the server level in this case). This can be done with either UI (inetmgr) or CLI (appcmd/powershell). Read more about the manual and PowerShell steps in Adding file types for Unified Update Platform on premises. If my WSUS is behind a firewall, what settings should I apply? Is your WSUS not getting updates? It can happen if there's a corporate firewall between WSUS and the internet. In that case, configure that firewall to ensure that WSUS can get updates. See guidance to configure your firewall to allow your WSUS servers to connect to Microsoft domains on the internet. There, you'll find the full and recently updated list of domains to support UUP on premises. Note that we've recently added the following domains: http://*.delivery.mp.microsoft.com https://*.delivery.mp.microsoft.com How can I configure automatic approval rules for UUP updates? WSUS supports creating automatic approval rules based on the update-specific classification (for example, security) or product (for example, Windows 11). Any existing auto approvals will just work for UUP updates. See what it looks like to configure automatic approvals in the WSUS Administration Console. Follow the path to Update Services > Options > Automatic Approvals. The Automatic Approvals dialog box opened from under Options for Update Services in the WSUS Administration Console. Configure automatic approvals in the Advanced tab by checking all of the boxes, as illustrated. All boxes are checked in the Advanced tab of the Automatic Approvals dialog box. Find detailed instructions in Configure auto-approval rules. What is the file size of the first UUP update? Distribution points. Your distribution points will undergo a one-time 10GB download on March 28th, 2023. This new, one-time UUP update will be published as a security update and will have the same payload as KB5023706 published on March 14th. In other words, the March 28th update will supersede the earlier update. It will not contain any additional security fixes. Endpoint clients. If your endpoint clients were successfully updated on March 14th, they will not receive any downloads until the following month's update and will be smaller than before. Only updates that have differences will be updated on the client. How do I manage superseded updates on March 28th? (Updated: 4.3.2023) The March 28th update will supersede your regular security update installed on or after March 14th (KB5023706). Note: Superseded updates are recommended for new features but are not required in WSUS for a client to install a newer update. Make sure quality updates remain in your environment until most, if not all, of your PCs have installed a more recent quality update. If needed, modify maintenance tasks that remove superseded updates. For details on how to manage superseded updates in WSUS, see The Server cleanup Wizard. For guidance on approving, declining, cleaning up, and reinstalling updates, including superseded updates, visit Updates Operations. What is required to support Microsoft Connected Cache? In order to use Microsoft Connected Cache with these updates, make sure WSUS is updated with KB5003217, otherwise known as the 2021.05 non-security update. Do the following to meet prerequisites for Microsoft Connected Cache and redirect downloads back to CDNs (content delivery networks): Enable local download on WSUS server. Use admin PowerShell to: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup" /v ReturnMuUrlForUpdates /d 1 /t REG_DWORD /f iisreset Restart-Service *Wsus* -v Approve an update. Note: WSUS with the above configuration will always download content locally when an update is approved. However, the client will get the Microsoft Connected Cache URL. This configuration is particularly useful for the case when Microsoft System Center Configuration Manager (SCCM) is used and WSUS has local downloads enabled. Scan a client, check Windows Update logs for the URL of update files. It will point to Microsoft download endpoints instead of your local WSUS server. You can configure bandwidth throttling for downloads from WSUS to your devices that use Delivery Optimization. Leverage its peer-to-peer capabilities for additional bandwidth savings. Learn more at Delivery Optimization. What are some security best practices for using WSUS? To provide additional protection from potential malware attacks, we recommend using HTTPS with WSUS. See Security best practices for Windows Server Update Services (WSUS) for steps to protect your server. You should also monitor who has access to different security groups such as the administrators and reports group. Make sure that you give access to people who should have access. To add a user to the WSUS Administrators group, follow these steps: On the WSUS server, click Start > Administrative Tools > Computer Management. From the expanded Local Users and Groups view, select Groups > WSUS Administrators. In the WSUS Administrators Properties dialog box, click Add. In the Enter the object names to select (examples) box, type the object name, and then click OK. Does UUP on-premises servicing change how Dynamic Update works? Yes, there are several changes. When Windows feature update starts, whether via a media-based update or a WSUS-based feature update, Dynamic Update is one of the first steps invoked. Windows Setup connects to an internet-facing URL hosted by Microsoft to fetch Dynamic Update content, and then applies those updates to the operating system installation media. With UUP on-premises servicing, there are several changes around publishing Dynamic Update to WSUS and to the Microsoft Update Catalog. Publishing Dynamic Update to WSUS In the event of a failure to connect to Microsoft, the fallback to WSUS for Dynamic Update content acquisition is no longer supported. If you are using setupconfig.ini to configure a UUP-based feature update, the only applicable Dynamic Update parameter is /DynamicUpdate NoDrivers. The reason is the other relevant Dynamic Update packages are automatically included within the approved feature update. If you are configuring Dynamic Update using Setup.exe for a media-based feature update, Setup.exe will continue to connect to Microsoft to fetch Dynamic Update content. It then applies those updates to the operating system installation media. Publishing Dynamic Update to the Microsoft Update Catalog Three changes have been made to the publishing of Dynamic Update to the Microsoft Update Catalog. Dynamic Update content will continue to be published to the Microsoft Update Catalog. However, you'll no longer be able to import these updates into WSUS for the purpose of Dynamic Update fallback. This option is no longer supported with UUP on-premises servicing. You can now easily search for the update title, product, and description for safe OS, setup update, and Servicing Stack Update (if it is published separately from the Cumulative Update). For example: YYYY-MM Safe OS Dynamic Update for Windows 11, version 22H2 for x64-based systems (KB…) YYYY-MM Setup Dynamic Update for Windows 11, version 22H2 for x64-based systems (KB…) YYYY-MM Servicing Stack Update for Windows 11, version 22H2 for x64-based systems (KB…) Finally, the Cumulative Update will be published to the Microsoft Update Catalog as an MSU file only. What does this mean for you? The CAB format of the update will no longer be published. If you are using DISM to perform the online installation of CAB-based Cumulative Update, you should change your code to perform the online installation using the MSU. The inner CAB (within the MSU) is not standalone and will fail to install. Don't fret! Online installation of the MSU has been supported starting with Windows 11, version 21H2. Consult DISM Operating System Package (.cab or .msu) Servicing Command-Line Options for details. Other helpful resources If your concern isn't listed, please check out the following resources and leave us a comment below. What's UUP? New update style coming next week! UUP on premises updates for Windows 11 Adding file types for Unified Update Platform on premisesPaul_ReedMar 20, 2023Microsoft27KViews2likes8Commentsremotely trigger a windows update scan
Is there a way to remotely trigger a windows update for business scan using PowerShell on machines that haven’t had users logon to them in awhile? We’ve recently switched to Intune WUfB and the biggest problem we’ve had are with machines that haven’t been used recently. It seems like an initial logon and check for updates scan resolves it. Would be nice to hit those remote machines with a run script to check for updates in just one batch instead of remotely logging into the machines. Expedited Updates doesn’t do the trick either unfortunately. Is this expected behavior?Jakesnyder245Jun 19, 2021Copper Contributor25KViews1like1CommentKnown issue with importing updates from the Microsoft Update Catalog on WSUS 10.0 (Windows Server 20
We are currently working on a known issue with importing updates on WSUS 10.0 (Windows Server 2016) from the Microsoft Update Catalog, which fails with the following error: “This update cannot be imported into Windows Server Update Service, because it is not compatible with your version of WSUS”. (see image) We are aware of the issue and presently working on a fix. In the meantime, the following workarounds can be used to unblock your deployment: After clicking on the “Import Updates…” option in the WSUS console, an Internet Explorer window will open on the following URL: http://catalog.update.microsoft.com/... &Protocol=1.20 Before proceeding with importing the updates, change the “1.20” protocol value in the URL to the previous protocol value “1.8”. The URL should look like this when you’re done: http://catalog.update.microsoft.com/... &Protocol=1.8SolvedJeffWolfordFeb 23, 2018Microsoft19KViews2likes9CommentsWindows Store for Business / Windows 11
As an enterprise customer we cannot allow the users to have the Windows Store available, Windows Store for Business was a good solution on Windows 10 as we could fine grained offer certain apps. Windows 11 doesn't support it anymore, Joe's post from Mid of 2021 is outdated and vage about the future. If we block the store, the built-in apps won't upgrade anymore unless they are covered in cumulative updates. We cannot offer our favorite apps anymore. Offering such apps via Intune (synced from Windows Store for Business) requires co-managed devices managed by Intune (at least MECM app workload) but doesn't solve the app updates itself afterwards. Rigth now this is a show stopper to implement Windows 11 (we have 8000 comaptible devices) What is the roadmap for such sceanrio ?Olaf_ThyssenMar 17, 2022Brass Contributor18KViews2likes19Comments
Resources
Tags
- windows 1029 Topics
- wufb23 Topics
- Office Hours18 Topics
- Update management12 Topics
- Windows Update11 Topics
- microsoft intune10 Topics
- windows8 Topics
- Configuration Manager8 Topics
- WSUS7 Topics
- Servicing6 Topics