Obtaining Extended Security Updates for eligible Windows devices
Published Feb 11 2020 10:00 AM

 

Update 3.14.2023: We have added a new table with ESU SKU IDs for Windows Server 2008/2008 R2.

Update 1.31.2023: For organizations that need additional time to upgrade and modernize their Windows Server 2008 and 2008 R2 environments on Azure, we will now offer one additional year of Extended Security Updates (ESU) for Azure environments only. These ESU will be available beginning on February 14, 2023 and ending on January 9, 2024. This also applies to Azure Stack HCI, Azure Stack Hub, and other Azure products. For more details, see Procedure to continue receiving security updates after extended support ends on January 10, 2023.

Update 11.5.2021: For more information, see Update: Extended Security Updates for Windows 7 and Windows Server 2008.

Update 1.12.2021: For more information, see Year two: Extended Security Updates for Windows 7 and Windows Server 2008.

Update 3.10.2020: Before installing and activating ESU keys, please ensure that you have installed all of the prerequisites outlined under Installation prerequisites below. Installing the latest servicing stack updates (SSUs) helps ensure that security updates will continue to land on the devices in your environment. The Installation prerequisites section of this post has been updated to include the current required SSUs, and will continue to be updated as needed.

We understand that everyone is at a different point in the process of deploying and servicing Windows. If your organization was unable to complete the transition from Windows 7 Pro or Enterprise to Windows 10—or from Windows Server 2008 and 2008 R2 Datacenter, Enterprise, or Standard to the latest version of Windows Server—prior to the end of support on January 14, 2020, my fellow members of the ESU team and I want to help you keep these devices protected while you complete your Windows and Windows Server upgrade projects.

The third and final year of Extended Security Updates for Windows Server 2008 and 2008 R2 ended on January 10, 2023. Many customers are taking advantage of Azure's commitment to security and compliance and have moved to Azure to protect their 2008 and 2008 R2 workloads with free Extended Security Updates.

For those customers who need additional time to upgrade and modernize their Windows Server 2008 and 2008 R2 workloads on Azure, we will now provide one additional year of Extended Security Updates on Azure only, available beginning on February 14, 2023 and ending on January 9, 2024. This also applies to Azure Stack HCI, Azure Stack Hub, and other Azure products.

Note: Eligible customers with active Software Assurance or Windows Server Subscriptions can use the Azure Hybrid Benefit to obtain discounts on Azure virtual machine licenses or Azure SQL Database managed instances. Extended Security Updates for select Windows Embedded products are available via your embedded device manufacturer.

Purchasing Extended Security Updates through Volume Licensing

Now, let's walk through where to purchase ESU for Windows Server 2008 SP2 and Windows Server 2008 R2, and how to find the appropriate key on the Volume Licensing Service Center.

Extended Security Updates are available through specific Microsoft Volume Licensing programs. Coverage is available in three consecutive 12-month increments beginning January 14, 2020. Extended Security Updates are available for purchase in 12-month increments only. You cannot buy partial periods (e.g. 6 months of updates).

  1. Visit the Volume Licensing Service Center and sign in using your company's credentials.
  2. Select Licenses > Relationship Summary > Licensing ID > Product Keys > Filter by Product and select Windows Server 2008 R2 Extended Security Year 4 MAK. (Note: You must be a VLSC Administrator or VLSC Product Key Viewer for the relevant agreement to view the MAK keys.)

    ESU-year-2-in-VLSC.png

Installation prerequisites

Note: The prerequisites listed in this section will be updated as needed.

The following steps must be completed before installing and activating ESU keys:

  1. Install the following SHA-2 code signing support update and the following servicing stack update (SSU):

    Windows Server 2008 R2 SP1:
    Servicing stack update for Windows Server 2008 R2 SP1: March 12, 2019 (KB4490628)
    and
    SHA-2 code signing support update for Windows Server 2008 R2 and Windows Server 2008: September 23, 2019 (KB4474419)

    Windows Server 2008 Service Pack 2 (SP2):
    Servicing stack update for Windows Server 2008 SP2: April 9, 2019 (KB4493730)
    and
    SHA-2 code signing support update for Windows Server 2008 R2, Windows Server 2008: September 23, 2019 (KB4474419)

  2. Install the SSU listed below (or a later SSU) and the ESU licensing preparation package:

    Windows Server 2008 R2 SP1:
    Servicing stack update for Server 2008 R2 SP1: September 13, 2022 (KB5017397) or later
    and
    Extended Security Updates (ESU) Licensing Preparation Package August 8, 2022 (KB5016892)

    Windows Server 2008 SP2:
    Servicing stack update for Windows Server 2008 SP2: July 12, 2022 (KB5016129) or later
    and
    Extended Security Updates (ESU) Licensing Preparation Package August 8, 2022 (KB5016891)

    Note: For Windows 7 SP1 Embedded Products (WES 7 and POS 7), we recommend taking the latest SSU (KB5017397) or later, as well as the Extended Security Updates (ESU) Licensing Preparation Package July 29, 2020 (KB4575903) or later.

Note: Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine. For more information, see Servicing stack updates.

 

Note: Classified as a Security-only package, the ESU licensing preparation package is available via Windows Server Update Services (WSUS) or the Microsoft Update Catalog. The ESU licensing preparation package is not currently available via Windows Update.

Installation and activation

Once you have installed the prerequisites listed above, you're ready to install and activate the ESU license key.

Note: Installing the ESU product key will not replace the existing Windows OS product key on the device.

First, install the ESU product key using the Windows Software Licensing Management Tool (slmgr):

  1. Open an elevated Command Prompt.
  2. Type slmgr /ipk <ESU key> and select Enter.
  3. If the product key is installed successfully, you will see a message similar to the following:
     

    obtain2.png

Note: If you see error 0xC004F050 while trying to install the product key on Windows Server 2008 SP2, your device may require an additional reboot.

Next, find the ESU Activation ID:

  1. In the elevated Command Prompt, type slmgr /dlv and select Enter.
  2. Note the Activation ID as you will need it in the next step.

    obtain3.png

Once the ESU key is activated, continue to use your current update and servicing strategy to deploy ESUs through Windows Update, WSUS, the Microsoft Update Catalog, or whichever patch management solution you prefer. Extended Security Updates will have the Security-only update classification.

Note: Windows Update offline scan files (WSUSScn2.cab) will continue to be available for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. If you have devices running one of these operating systems, but don't have ESUs, those devices will show up as non-compliant in your patch management and compliance toolsets.

Configure firewall allow lists for activation

If you are using a proxy firewall, you may need to allow list the activation endpoints for ESU key activation to succeed.

For online activation (i.e. local key deployment), you will need to allow list all the following URLs:

Windows 7 SP1 and Windows Server 2008 R2 SP1

https://go.microsoft.com/fwlink/?linkid=88338

https://activation.sls.microsoft.com/slspc/SLActivate.asmx

https://go.microsoft.com/fwlink/?linkid=88339

https://activation.sls.microsoft.com/slrac/SLCertify.asmx

https://go.microsoft.com/fwlink/?linkid=88340

https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx

https://go.microsoft.com/fwlink/?linkid=88341

https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx

 

Windows Server 2008 SP2

https://go.microsoft.com/fwlink/?linkid=48189

https://activation.sls.microsoft.com/slspc/SLActivate.asmx

https://go.microsoft.com/fwlink/?linkid=48190

https://activation.sls.microsoft.com/slrac/SLCertify.asmx

https://go.microsoft.com/fwlink/?linkid=48191

https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx

https://go.microsoft.com/fwlink/?linkid=48192

https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx

For proxy activation using the Volume Activation Management Tool (VAMT), allow list the following URLs:

Once you have completed your allow lists, you are ready to activate the ESU product key:

  1. Open an elevated Command Prompt.
  2. Type slmgr /ato <ESU Activation Id> and select Enter.

You should now see a message stating that you have activated the key successfully:

obtain4.png

The following tables outline possible values for <ESU Activation Id>. The activation IDs are the same across all eligible Windows ESU editions and all devices enrolled for that program.

    ESU program                    ESU SKU (or Activation) ID
    Windows 7 SP1 (Client)
      Year 1                       77db037b-95c3-48d7-a3ab-a9c6d41093e0
      Year 2                       0e00c25d-8795-4fb7-9572-3803d91b6880
      Year 3                       4220f546-f522-46df-8202-4d07afd26454

    ESU program                    ESU SKU (or Activation) ID
    Windows Server 2008/2008 R2
      Year 1                       553673ed-6ddf-419c-a153-b760283472fd
      Year 2                       04fa0286-fa74-401e-bbe9-fbfbb158010d
      Year 3                       16c08c85-0c8b-400909b2b-f1f7319e45f9
      Year 4                       32163ff8-e96d-40b1-973c-44b9bf096d83

 

Important: Activation via Control Panel > System and Security > System > Activate Windows cannot be used to activate ESU keys. It activates the Windows operating system only.

Once you have activated the ESU product key, you can verify the status at any time by following these steps:

Windows 7 SP1 and Windows Server 2008 R2 SP1:

  1. Open an elevated Command Prompt.
  2. Type slmgr /dlv and select Enter.

Windows Server 2008 SP2:

  1. Open an elevated Command Prompt.
  2. Type slmgr /dlv <Activation ID> or slmgr /dlv all and select Enter.

The License Status will show as Licensed for the corresponding ESU program, as shown below:

obtain5.png

 

Note: We recommend using a management tool, such as System Center Configuration Manager, to send the slmgr scripts to your enterprise devices.
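The verification step above, scripted so the result can be collected from many devices. This is an added example, not code from the original post or from Microsoft; it assumes English-language slmgr output, and the sample text (product names, the all-zero Activation ID, the status of each entry) is constructed for illustration.

```powershell
# Added example: report ESU license state from "slmgr /dlv all" output.
# Written for Windows PowerShell 2.0 so it also runs on the legacy hosts.
# Assumption: English-language slmgr output (the field labels are localized).

function ConvertFrom-SlmgrDlv {
    # Turn the text printed by "slmgr /dlv all" into one object per license.
    param([string]$Text)

    $entries = @()
    $current = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -notmatch '^\s*(Name|Activation ID|License Status)\s*:\s*(.+?)\s*$') {
            continue
        }
        $field = $Matches[1]
        $value = $Matches[2]
        if ($field -eq 'Name') {
            # Every license block starts with its Name line.
            if ($current) { $entries += New-Object PSObject -Property $current }
            $current = @{ Name = $value; ActivationId = ''; LicenseStatus = '' }
        } elseif ($current) {
            if ($field -eq 'Activation ID') { $current.ActivationId = $value.ToLower() }
            else { $current.LicenseStatus = $value }
        }
    }
    if ($current) { $entries += New-Object PSObject -Property $current }
    return ,$entries
}

function Get-EsuLicenseState {
    # Returns 'Licensed', 'NotInstalled' (no entry with that Activation ID,
    # i.e. the key was never installed), or 'NotActivated (<status text>)'.
    param($Entries, [string]$ActivationId)

    $hit = @($Entries | Where-Object { $_.ActivationId -eq $ActivationId.ToLower() })
    if ($hit.Count -eq 0) { return 'NotInstalled' }
    if ($hit[0].LicenseStatus -eq 'Licensed') { return 'Licensed' }
    return "NotActivated ($($hit[0].LicenseStatus))"
}

# Constructed sample output. On a live host, use the real text instead:
#   $text = (cscript //nologo "$env:windir\system32\slmgr.vbs" /dlv all) -join "`n"
$sample = @'
Software licensing service version: 0.0.0.0

Name: Operating system license (constructed)
Description: Windows Operating System, VOLUME_MAK channel
Activation ID: 00000000-0000-0000-0000-000000000000
License Status: Licensed

Name: ESU Year 4 add-on (constructed)
Description: Windows Operating System, VOLUME_MAK channel
Activation ID: 32163ff8-e96d-40b1-973c-44b9bf096d83
License Status: Licensed

Name: ESU Year 1 add-on (constructed)
Description: Windows Operating System, VOLUME_MAK channel
Activation ID: 553673ED-6DDF-419C-A153-B760283472FD
License Status: Unlicensed
'@

$entries = ConvertFrom-SlmgrDlv -Text $sample

# Activation IDs taken from the Windows Server 2008/2008 R2 table above
# (Year 4, Year 1, Year 2). Year 2 is absent from the sample on purpose.
$idsToCheck = @(
    '32163ff8-e96d-40b1-973c-44b9bf096d83',
    '553673ed-6ddf-419c-a153-b760283472fd',
    '04fa0286-fa74-401e-bbe9-fbfbb158010d'
)
foreach ($id in $idsToCheck) {
    '{0}  {1}' -f $id, (Get-EsuLicenseState -Entries $entries -ActivationId $id)
}
```

Separating "NotInstalled" from "NotActivated" tells you whether to repeat the slmgr /ipk step or the slmgr /ato step on that device.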

To install and activate ESU for devices that are not connected to the Internet, you can use the VAMT or phone activation.

Volume Activation Management Tool configuration

You can use the VAMT for online and/or proxy activation. To install and activate ESU keys using the VAMT, follow these steps:

  1. Download and install the Volume Activation Management Tool.
  2. Download the VAMT- ESU configuration file and update your VAMT configuration file.
  3. Configure the client device's firewall for the VAMT.
  4. Add the ESU product key to the VAMT.
  5. Select the product, right-click, select Activate, then select your activation method, as shown below:

    obtain6.png
     

Note: For systems that cannot connect to the Internet for activation, you can use the VAMT to perform proxy activation.

For additional guidance on how to install and activate Windows 7 ESU keys on multiple devices using a multiple activation key (MAK), see this post.

Activating ESU keys via phone

To activate ESU keys via phone, use the slmgr command options /dti and /atp, following these steps:

  1. Open an elevated Command Prompt.
  2. Type slmgr.vbs /ipk <ESU MAK Key> and select Enter to install the product key.
  3. Get the Installation ID for the ESU Key using the corresponding ESU Activation ID (see the table of ESU Activation IDs for each program listed earlier in the blog post). For example:
     

    obtain7.png

  4. Once you have the Installation ID, call the Microsoft Licensing Activation Center for your region; they will walk you through the steps to get the Confirmation ID. Make a note of your Confirmation ID.
  5. Type slmgr /atp <Confirmation ID> <ESU Activation ID> to activate the ESU SKU using the Confirmation Id obtained in the above step.
     

    obtain8.png

  6. Type slmgr /dlv <Activation ID> or slmgr /dlv all and select Enter to verify that the License Status shows as Licensed.

Azure virtual machines

You do not need to deploy an additional ESU key for Azure virtual machines (VMs) or Azure Stack HCI version 21H2 and later.

For other Azure products such as Azure VMWare, Azure Nutanix solution, and Azure Stack (Hub, Edge), or for bring-your-own images on Azure for Windows Server 2008 SP2 and Windows Server 2008 R2 SP1, you do need to deploy the ESU key. The steps to install, activate, and deploy ESUs are the same for the fourth year of ESU coverage.

As with on-premises devices, you will need to install the appropriate SSUs as outlined in the Installation prerequisites section of this article. After installing the SSUs noted above, VMs will be enabled to download the ESU updates.

A pre-patched Windows Server 2008 R2 SP1 image is available from the Azure Marketplace.

For answers to commonly asked questions about ESU for Windows Server 2008 and 2008 R2 SP1, see Extended Security Updates frequently asked questions.
To learn more about ESU, please watch our Microsoft Ignite 2019 session on How to manage Windows 7 Extended Security Updates (ESU) for on-premises and cloud environments.

Next steps

If your organization still has devices running Windows Server 2008 or Windows Server 2008 R2 SP1, we recommend that you take the steps outlined above today and take advantage of Extended Security Updates to help ensure that your devices continue to receive necessary security updates.

If you are interested in learning more about Extended Security Updates, please see the following resources:

 

75 Comments
Copper Contributor

Should your note read:

 

Note:  Windows Update offline scan files (WSUSScn2.cab) will continue to be available for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. If you have devices running one of these operating systems, but don’t have ESUs, those devices will show up as non-compliant in your patch management and compliance toolsets.

Community Manager

@jasonwassertanium - Thanks for your note about the typo and the scan file name. We have fixed the typo, and have confirmed that WSUSScn2.cab is indeed correct and have made the update above.

Brass Contributor

Will the MAK key change every year?

Will the ESU licensed ID be the same for three years?

@Poornima Priyadarshini thanks for this updated article. 

I am afraid that your link to VAMT 3.1 / ADK is outdated. Please update it to obtain ADK 1903 (incl 1909) instead of 1809.

https://docs.microsoft.com/en-us/windows/deployment/volume-activation/install-vamt

This is not your fault, but the docs have not been updated; I file a git for this.

Here is the recent ADK containing VAMT 3.1 (without the still needed patch) as per your instructions.

Microsoft

As the original article is archived, adding this to the new one as this is important:

 

One thing I came across: you have to use the US phone number for phone activation; when using the home country number, the product is not recognized. The US number is as follows: +1 (716) 871 2781

To activate with the confirmation id use the following command:

slmgr /atp <ConfirmationID> <ActivationID>

 

This is tested and works.

 

Regards,

Bennd

Copper Contributor

.

Copper Contributor

What happened to the prerequisite requirement in the (now archived)  October blog posting to install the October 8, 2019 Monthly Rollup KB4519976?    Is that still a requirement?   I've  been installing "security-only" updates instead of the monthly rollups for the past several years,  and I would like to know whether I would need to install that October monthly rollup as a prerequisite for getting extended security updates for my Windows 7 Professional computer.   I will appreciate your response.  



Brass Contributor

This is NOT just an extension of the older ESU blog, there are NEW requirements regarding KB4538483 

 

I suggest we all read this redmondmag article titled (just google it)

Microsoft Alters Windows Extended Security Updates Requirements Yet Again

Participants in Microsoft's Extended Security Updates (ESU) program for out-of-support Windows 7 and Windows Server 2008 machines faced new installation requirements on Tuesday.


The details are described in Microsoft's Knowledge Base (KB) article 4522133, apparently first published on Tuesday, Feb. 11

 

EDIT: I just checked my office W7 Pro Pc and it did not have KB4538483 installed. After installing it, the 2020-02 Security Monthly Rollup KB4537820 was offered. 

EDIT2: The Patch Lady has an even better article on this needed KB. Just google 

“Patch Lady – Windows 7 ESU last minute requirement”

Please add that you have to add the VAMT files into 

Volume Activation Management Tool configuration

  1. Download the VAMT- ESU configuration file and update your VAMT configuration file.
  2.  Copy the downloaded files
    pkconfig_vista.xrm-ms (2008)
    pkconfig_win7.xrm-ms (7, 2008R2)
    to C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig
  3. Configure the client device’s firewall for the VAMT.
  4. Add the ESU product key to the VAMT.
  5. Select the product, right-click, select Activate, then select your activation method, as shown below:



 

Microsoft

Hello,

 

one more important thing:

The MAK key has a default limit in the activation count of 650.

So even if you purchased e.g. 2000 the key initially shows up with a count of 650.

To change this simply contact Microsoft VLSC support, they can update this quickly.

 

Best regards,

Bennd

Copper Contributor

So for my server pilot group this month, I installed the ESU keys in Jan before we got the surprise (ESU) Licensing Preparation Package (KB4538484).

All my MAKs got deactivated and I had to activate them all again manually to pick up the Feb 2020 updates.

 

I've yet to apply the ESU MAKs to my main patch group. Should I apply the ESU MAK keys after my servers get KB4538484, to save me having to do it twice?

Copper Contributor

Good Afternoon All,

 

Looking for some advice. We have purchased Win7 and Win2k8 ESUs for enterprise. Due to security constraints we are unable to introduce VAMT into our environments. The number of licenses to be activated means phone activation is not an option. Can KMS be used for global activation of licenses as previously, or is there another solution? @Poornima Priyadarshini @Chris Puckett

Many thanks in advance

Microsoft

@wizball The deactivation on WS 2008 R2 can occur when you install the ESU key and then install the January 14, 2020 security only update (KB 4534314) or January 14, 2020 monthly rollup (KB 4534310) on the ESU activated Windows Server 2008 R2 computer.  It might cause ESU to deactivate and need to be reactivated. It is mentioned in KB4538483 .  It does not impact Windows 7 nor Windows Server 2008 SP2.  The ESU Licensing Prep Package is not involved. 

On Windows Server 2008 R2 you can avoid the reactivation issue if you can install either of these January 14, 2020 updates before ESU key activation.  To simplify things at this point you might install the ESU Licensing Prep Package first (KB 4538484 for WS 2008 SP2 and KB 4538483 for WS 2008 R2/Win 7) and then activate the MAK key. This saves you from having to verify which monthly rollup needed to be installed prior to the availability of the ESU Licensing Prep Package.

 

@Gdoc74 Unfortunately KMS is not an option. Take a look at this post and see if that may work as an alternative.

Copper Contributor

@Chris Puckett we were on Dec updates when I installed the ESU keys; we skipped Jan and hoped to get straight to Feb. This now seems tricky with the limited maintenance window. So the best we can get now is Jan updates + ESU prep package and then go to Feb/Mar in the next window.

The multiple SSU updates also slowed things down....

Why does Microsoft still release security updates and fixes for Windows 7 NON-ESU users?

https://mspoweruser.com/new-actively-exploited-ie-bug-forces-microsoft-to-patch-windows-7-again/

 

They intentionally chose to use an outdated 11-year-old OS.

Copper Contributor

Can we install the security updates manually, or will it also require ESU licenses?

 

Thanks in Advance,

Satya Boda.

Copper Contributor

@vsnboda No, they might seem like they install, but after a reboot they will fail and revert.

@vsnboda If you can find the security updates, there shouldn't be any barriers preventing you from installing them manually...but what is preventing you from updating to a newer OS?

 

If it was Android, Mac, Linux, literally any other vendor/company, you wouldn't be able to use that OS anymore due to lots of security and software incompatibility issues.

Steel Contributor

@HotCakeX 
Nothing had been released for non-ESU, don't spread fake news, and don't be selfish

@abbodi1406

Just speaking the truth. Don't need to accuse other users and be rude.

Nothing was released for non-ESU users? What about this?

https://mspoweruser.com/new-actively-exploited-ie-bug-forces-microsoft-to-patch-windows-7-again/

Copper Contributor

I'm having a weird issue on a handful of 2008 (non R2) boxes... We have activated a few hundred without issues.

 

All prerequisites are installed, and after running cscript slmgr.vbs /ipk, it takes the key successfully, but I do not see the MAK channel when I run slmgr /dlv.... Has anyone else seen this issue?

Your feedback / likes and practical experience managing ESU encouraged me to help update the docs on VAMT 3.1. It is a very underrated tool imho and should be implemented in all organizations that have more than 20 users. Or even fewer when managing ESU.

 

A revised VAMT article with SQL 2019 and troubleshooting steps is in the pipeline, awaiting confirmation. 

Brass Contributor

FWIW, the March Patch Tuesday updates installed without issue or intervention on my W7 Pro 64 bit PC with ESU license. 

Copper Contributor

Regarding Activation IDs:

 

Mystery #1: At first because I didn't know any better, I was only using the command slmgr /ato and that worked on a couple of Windows 2008 R2 servers. The servers showed as activated and got the March Rollup. I'm not sure why I didn't need an activation ID.

 

Mystery #2: I'm glad I read this article because I discovered that slmgr /ato needs to be followed by the activation ID. (Apparently not always....See Mystery #1.) So what makes this also a mystery is that my Windows 2008R2 activation IDs do not match what is in the table above. Once I did add my servers' activation ID (not what's in the table above) to the command on the problem servers, I finally got them activated. I've read through the comments on this page but nobody else seems to have found the same discrepancy.

 

 

@CFS3RD please don't bother yourself with slmgr. VAMT 3.1 with the patch named above give you much better overview and control. 

Copper Contributor

So how exactly does this work for isolated networks that have Generic Volume License Keys (GVLK) and MAK licenses for Windows 7 in the VAMT tool? We have our license key for the Windows 7 ESU, but none of our machines are able to access the Internet to fully complete the activation. We have a VAMT server and have tried to export the data for proxy activation, but we have had no luck with it working. All of our Windows 7 machines show the Windows 7 ESU Add-on but show Unlicensed in the "license status" when you run the slmgr /dlv command. This is restricting us from obtaining updates because it thinks it's not licensed?

@JustWorkinIT 

Check all prerequisites

Check if VAMT 3.1 is updated manually with the ESU xml files 

Install MAK keys on Win 7 devices using VAMT. Activate MAK keys via VAMT 

Then install ESU keys and activate via VAMT

I am not sure but I read Internet connection is required for this one time. 

Deleted double post

@Poornima Priyadarshini @Günter Born it is still unclear from the docs how and where to obtain 2008 R2 ESU keys in VLC for customers that have open volume software assurance.

 

Can you please give more advice? All MSFT docs are not clear on what to do if the VLSC is not showing them in the license overview.

Copper Contributor

One of the prerequisites is to install 2020-02 SSU (KB4537829) or later. I'm using SCCM where this update is expired. It has been superseded by 2020-03 SSU which is appearing as not required for computers in my environment.

 

Can you please explain how to deal with it?

Steel Contributor

@lukaszsklariw_o-i 

2020-01 SSU was needed for 2020-02 updates

2020-02 SSU was needed for 2020-03 updates

2020-03 SSU will be needed for 2020-04 updates

and so on

 

if they released 2020-04 SSU, it will be needed for 2020-05 updates, otherwise 2020-03 SSU would suffice

Copper Contributor

I needed to install the 3/2020 SSU manually on my 2008 R2 Servers. For some reason it was downloaded from WSUS, but would not get detected as needed by the OS. Thankfully I only had about 20 servers, but every one of them had this same behavior.

@CFS3RD remember that, by design, an SSU will only be offered/show up if no other update is pending. Was this the case?

This changes with 2012 or later.

Copper Contributor

@Karl_Wester-Ebbinghaus I believe some of these servers had no pending updates. I can't confirm because at this point they are fully set up for ESU.

 

However, to your point, I just checked a couple of Windows 2008 R2 servers now that a new Patch Tuesday has arrived. They have downloaded the April patches, including the April SSU, but the April SSU is not being offered.

 

By the way, if I hadn't installed the March 2020 SSU, I don't think any of these April patches would be offered, if I understand correctly.

Steel Contributor

@CFS3RD 

SSU is only offered if there are no other important updates pending in the queue

either install them or hide them, or just install the SSU manually

@Poornima Priyadarshini can you please ask the update / licensing team to make ESU for SQL and Server available via CSP just as for the clients.

 

Having an EA is too high a stake for SMB customers that have to migrate. They are put at risk unnecessarily.

Brass Contributor

HCX, although I rarely respond to demands such as yours - the reason Microsoft released a Windows 7 Update that included Non-ESU users is because when an extra critical bug was found; Microsoft out of the goodness of their heart and mind in order for the whole computer industry not to suffer even more than it has from mal-ware such as ransomware, ad-ware, Trojans and other garbage released an update for an older operating system to everyone even though some users were non-compliant with esu.  So HCX, are you one of those users who throws away their smart phone into the trash to either trash the environment or potentially open yourself up to identity theft by throwing away used electronics and no a simple wipe will not prevent others from accessing your information.  You will have to accomplish 1's and 0's with the appropriate safe-guards of a DOD or an NSA Wipe to more safeguard your used electronics.  I go even further than that but that is just me and not for everyone and so to each her/his own and let us give it a rest, call it a day and all take a much-needed nap where we can be refreshed and act in a more civilized manner.  Thank you all for your contributions to Microsoft and your support in keeping Microsoft a great company.

Copper Contributor

I'm currently trying to deploy Extended Security Updates to a large number of Server 2008 R2 and Windows 7 machines, and have purchased the relevant keys, but I'm not using SCCM or VAMT.

What would be the simplest and quickest method to do this? Will I need to install the pre-requisite updates on each machine, and then run the relevant slmgr /ipk <KEY> script on each machine individually?

Please consider VAMT it will really help you and is easy enough to setup. 

The docs how to install it got updated some weeks ago. 

If you face issues let me know.

 

VAMT is the best tool to deploy and also monitor the success and allows you reports for the management plane. 

Not only for ESU but also the whole licensing of the environment, including ADBA for 2012 or later, and Office 2013 or later. 

 

 

The update distribution could be either made via WSUS or powershell modules. 

Copper Contributor

I have followed this blog, installed the KB and activated the license on Windows 7. How do I get the latest Windows 7 patches? Please provide me the link or direction.

Copper Contributor

Hi,

 

We installed the ESU key on servers running Windows Server 2008 R2.
We have approved updates to WSUS, but these updates are not applicable.

Has anyone been through this?

@Marco Antonio da Silva what is the state of the prerequisite updates you will need? the latest SSU etc

see ADV990001

Copper Contributor

Hello @K_Wester

 

We already have this update approved as well.

After removing the August updates and approving again, the updates started being delivered to the computers.

Thank you.

 

Copper Contributor

KB4571729, the 2020-08 monthly rollup for Windows 7, was highly defective.  We reproduced its symptoms on multiple workstations. After uninstalling KB4571729, the symptoms immediately resolved on all workstations.  Among the bugs:

 

1) Windows Update runs forever and will not find updates after installing KB4571729.

2) Windows Explorer is sluggish.

3) The network connection icon in the system tray has a blue circle that either never clears or turns into a red x, even though there definitely was a network connection.

4) Large Word documents (with hundreds of pages) will not open.

5) Under Task Manager, Performance Monitor would not open.

 

Even the configuration process after uninstalling KB4571729 took a long time.  From these errors, it seems like KB4571729 is causing memory problems.

 

Today is Patch Tuesday.  I hope Microsoft is aware of the bugs with its August Windows 7 monthly rollup.

Copper Contributor

@Chris Puckett @Poornima Priyadarshini @BlakeTex365 @Karl_Wester-Ebbinghaus 

We have installed MS VAMT and all the pre-requisites. Have a MAK key but when activating W7 & 2K8 via VAMT (individual machines as a test) the status is showing as unlicensed when running slmgr /dlv all  HELP!

 

In the VAMT console have noticed the proxy activation option is missing - we only have online and volume??? Could this be a factor?

Also noticed from this article that the SSU pre-requisite has now changed to June or later. Again could this be a factor?

Windows 7 SP1 and Windows Server 2008 R2 SP1
Servicing stack update for Windows 7 SP1 and Server 2008 R2 SP1: June 9, 2020 (KB4562030) or later

Any help much appreciated. Thanks in advance

Copper Contributor

Can Windows Embedded Standard 7 customers purchase ESU via CSP?

 

Thanks

 

Sarah

Copper Contributor

Is anyone encountering an issue with checksums for KB4538483 & KB4538484? I've verified multiple times with different PCs and the checksums I get are different to the ones listed in the KB articles. 

Steel Contributor

@Juan_Chi 

There are 3 versions of KB4538483, and 2 versions of KB4538484

the hash listed in KB articles belongs to the last version of each, which was not publicly released, because they decided to replace it with KB4575903 & KB4575904

 

the 40 hex characters appended to msu file name represent SHA1 hash, you don't need KB article to verify

 

anyway, ESU updates offering via WU/WSUS works if you installed any of KB4538483/KB4538484 versions or KB4575903/KB4575904
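The file-name check described in the comment above, as an added example that is not part of the original thread or of Microsoft's tooling: it compares a downloaded .msu against the 40 hex characters at the end of its name. The hash travels with the same download, so a match shows the file is intact, not where it came from. The demo file and its `kb0000000` name are constructed placeholders.

```powershell
# Added example: compare an .msu file's SHA-1 with the 40 hex characters
# appended to its file name. Uses .NET classes only, so it runs on
# Windows PowerShell 2.0 (no Get-FileHash needed).

function Get-FileSha1Hex {
    # SHA-1 of a file as a lowercase hex string.
    param([string]$Path)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $digest = $sha1.ComputeHash($stream)
    } finally {
        $stream.Dispose()
    }
    return ([System.BitConverter]::ToString($digest) -replace '-', '').ToLower()
}

function Test-MsuFileNameHash {
    # Returns 'Match', 'Mismatch', or 'NoHashInName' when the name does not
    # end in "_<40 hex characters>" before the extension.
    param([string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $base = [System.IO.Path]::GetFileNameWithoutExtension($full)
    if ($base -notmatch '_([0-9a-f]{40})$') { return 'NoHashInName' }
    $expected = $Matches[1].ToLower()
    if ((Get-FileSha1Hex -Path $full) -eq $expected) { return 'Match' }
    return 'Mismatch'
}

# Constructed demo: build a stand-in file, name it with its own SHA-1,
# check it, then simulate a damaged download and check again.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString())
[void][System.IO.Directory]::CreateDirectory($dir)
try {
    $plain = Join-Path $dir 'payload.msu'
    $bytes = [System.Text.Encoding]::ASCII.GetBytes('constructed stand-in for an .msu payload')
    [System.IO.File]::WriteAllBytes($plain, $bytes)

    $hash  = Get-FileSha1Hex -Path $plain
    $named = Join-Path $dir ("windows6.1-kb0000000-x64_{0}.msu" -f $hash)
    [System.IO.File]::Copy($plain, $named)

    'intact file:    ' + (Test-MsuFileNameHash -Path $named)
    [System.IO.File]::AppendAllText($named, 'x')   # one extra byte
    'damaged file:   ' + (Test-MsuFileNameHash -Path $named)
    'no hash suffix: ' + (Test-MsuFileNameHash -Path $plain)
} finally {
    Remove-Item -LiteralPath $dir -Recurse -Force
}
```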

Copper Contributor

For multiple domains do I need separate VAMT server for each domain?

Hi @Krishna15 not necessarily. It can work across domains and also for non-domain devices.
VAMT does not need a specific server unlike legacy KMS. 

 

Version history
Last update:
‎Nov 29 2023 11:01 AM