Apr 22 2020 02:59 PM
Hi, are you aware of issues with the detection of the 1909 enablement kb in Configmgr.
We have been working with support for close to two months trying to fix the fact that the enablement KB is not seen as required on Windows 10 1903 Enterprise (fully patched).
If we force install the KB with Dism, it works, but that's a workaround until the detection issue is fixed.
we are on CB 1910 with latest hotfix
Thank you in advance and don't hesitate if you have any questions.
Apr 24 2020 10:39 AM
@Stephane Lalancette not aware of any issues here. Is support able to reproduce the same issue in-house? Either way, WUA verbose logging will provide clues on why EKB is not returning as applicable. ConfigMgr is simply going to return the state provided by WUA. Support will be able to provide steps for enabling WUA verbose logging, if that hasn't already been done.
Apr 27 2020 07:22 AM
@Michael_Cureton thank you for the quick answer. It helped us focus our tests to check if the issue was coming from WUA or confimgr.
So we clearly see that the issue is not with the Windows Update agent, but configmgr that someone isn't able to interpret the compliance that is sent from WUA for that specific update.
Verbose logging had indeed already been enabled by support.
Last test that we did, to confirm the issue is on configmgr side, was to have a Windows 10 1903 machine managed by configmgr, confirmed that the KB is not seen as required.
then, go online to check for update and it is seen a required and gets installed.
Steph
Apr 27 2020 08:38 AM
@Stephane Lalancette that's interesting. I've never seen WUA report an update as required and CM not report the same. I actually tested the e2e over the weekend and the EKB was reported as required. If the WUA verbose log indicates that WUA is returning the update as applicable then the next step would be to review the corresponding verbose logs from CM. WUAHandler, UpdateStore, and UpdatesHandler should indicate the processing of the state from WUA. If the state is noted there as missing, then the issue is server side. If the state is noted as not applicable, then there is an issue client side.
Assuming support can repro the same issue, it should make root cause identification easier.
Apr 28 2020 03:53 PM
@Stephane Lalancette Do you have Windows 10 1909 updates enabled on WSUS and within MECM?
Apr 29 2020 09:55 AM
Yes we have Windows 10 and later.
All the updates are sync/visible in MEMCM
Apr 29 2020 09:57 AM
@Michael_Cureton we will try to have a look later this week at enabling verbose logging for sccm client logs to see if we get more information.
I will post updates ASAP
Thks
May 11 2020 11:44 AM - edited May 12 2020 11:41 AM
@Michael_Cureton after the support call that escalated/transfered to another engineer, it was discovered that the update was still in disabled state (after a WSUS cleanup script) in the sccm DB, but not in the sccm/WSUS UI.
After he modified the entry on all sites, the KB is seen as required on all machines that need it.
Here's what was done (keep in mind that SQL changes were done by MS support engineer):
Validate:
Select UpdateID, Declined from vwMinimalUpdate where UpdateID = '613b0e8e-21ae-4fbb-9751-879d871a68e2'
UpdateID | Declined |
613B0E8E-21AE-4FBB-9751-879D871A68E2 | 0 |
After that, we force the change of the flag directly in the database
Change:
Update vwMinimalUpdate Set Declined = 0 where UpdateID = '613b0e8e-21ae-4fbb-9751-879d871a68e2'
Thks
May 11 2020 11:47 AM
@Stephane Lalancette for your last sentence was the not meant to be now?
May 12 2020 11:34 AM
May 13 2020 11:22 AM
@Stephane Lalancette good deal. Sounds like we're all squared away.