Detection issue with 1909 enablement KB in Configmgr

Brass Contributor

Hi, are you aware of issues with the detection of the 1909 enablement kb in Configmgr.

 

We have been working with support for close to two months trying to fix the fact that the enablement KB is not seen as required on Windows 10 1903 Enterprise (fully patched).

 

If we force install the KB with Dism, it works, but that's a workaround until the detection issue is fixed.

 

we are on CB 1910 with latest hotfix

 

Thank you in advance and don't hesitate if you have any questions.

10 Replies

@Stephane Lalancette not aware of any issues here. Is support able to reproduce the same issue in-house? Either way, WUA verbose logging will provide clues on why EKB is not returning as applicable. ConfigMgr is simply going to return the state provided by WUA. Support will be able to provide steps for enabling WUA verbose logging, if that hasn't already been done.

@Michael_Cureton thank you for the quick answer. It helped us focus our tests to check if the issue was coming from WUA or confimgr.

 

So we clearly see that the issue is not with the Windows Update agent, but configmgr that someone isn't able to interpret the compliance that is sent from WUA for that specific update.

 

Verbose logging had indeed already been enabled by support.

 

Last test that we did, to confirm the issue is on configmgr side, was to have a Windows 10 1903 machine managed by configmgr, confirmed that the KB is not seen as required.

 

then, go online to check for update and it is seen a required and gets installed.

 

Steph

@Stephane Lalancette that's interesting. I've never seen WUA report an update as required and CM not report the same. I actually tested the e2e over the weekend and the EKB was reported as required. If the WUA verbose log indicates that WUA is returning the update as applicable then the next step would be to review the corresponding verbose logs from CM. WUAHandler, UpdateStore, and UpdatesHandler should indicate the processing of the state from WUA. If the state is noted there as missing, then the issue is server side. If the state is noted as not applicable, then there is an issue client side. 

 

Assuming support can repro the same issue, it should make root cause identification easier. 

@Stephane Lalancette Do you have Windows 10 1909 updates enabled on WSUS and within MECM?

Yes we have Windows 10 and later.

 

All the updates are sync/visible in MEMCM

@Michael_Cureton we will try to have a look later this week at enabling verbose logging for sccm client logs to see if we get more information.

 

I will post updates ASAP

 

Thks

@Michael_Cureton after the support call that escalated/transfered to another engineer, it was discovered that the update was still in disabled state (after a WSUS cleanup script) in the sccm DB, but not in the sccm/WSUS UI.

 

After he modified the entry on all sites, the KB is seen as required on all machines that need it.

 

Here's what was done (keep in mind that SQL changes were done by MS support engineer):

Validate:

Select UpdateID, Declined from vwMinimalUpdate where UpdateID = '613b0e8e-21ae-4fbb-9751-879d871a68e2'

 

UpdateIDDeclined
613B0E8E-21AE-4FBB-9751-879D871A68E20

 

After that, we force the change of the flag directly in the database

Change:

Update vwMinimalUpdate Set Declined = 0 where UpdateID = '613b0e8e-21ae-4fbb-9751-879d871a68e2'

Thks

@Stephane Lalancette for your last sentence was the not meant to be now?

Yes you,re right, I've edited my previous reply.

Thks for pointing it out

@Stephane Lalancette good deal. Sounds like we're all squared away.