cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Simplified deployment of Windows servicing stack updates: what's new
By
Aria Carley
Published Aug 10 2021 10:46 AM 19.3K Views
Aria Carley
Microsoft
‎Aug 10 2021 10:46 AM

Simplified deployment of Windows servicing stack updates: what's new

‎Aug 10 2021 10:46 AM

We learn a tremendous amount from your feedback and I'm excited to announce that we are now extending combined cumulative update capabilities to more versions of Windows!

Servicing stack updates (SSUs) provide fixes to the servicing stack, the component that installs Windows updates. Last September, we announced that we were working to simplify the on-premises deployment of servicing stack updates. We shared a plan to ease the efforts of IT administrators by providing a single monthly update containing both the latest cumulative update (LCU) fixes as well as the latest SSU, if applicable. This single update package can be installed on a device to ensure that updates are applied in the correct order, thus reducing the chances of installation failures.

Based on learnings from your comments and suggestions, we are improving this capability. Let's take a closer look!

Expanding capabilities to more versions of Windows

We are thrilled to announce that combined cumulative update deployment capabilities are coming to Windows 10, version 1809, Windows Server 2019, and Windows 10, version 1909. Beginning today, you can leverage the Windows Insider Pre-release Category in Windows Server Update Services (WSUS) to deploy the August 2021 monthly quality update and SSU together as a single package to devices running these versions.

More detailed instructions on how to leverage the Windows Insider Pre-release update to deploy these combined packages can be found in our previous post. Deploy Windows SSUs and LCUs together with one cumulative update.

Note: Devices running Windows 10, version 1809 will first need the July 20, 2021 Servicing Stack Update (KB5004424) or later in order to leverage this new capability. Devices running Windows 10, version 1909 will first need the June 15, 2021 Servicing Stack Update (KB5003974) or later.

Dependencies on SSUs and rare exceptions

When we released the first combined Windows cumulative update package, we simultaneously introduced a prerequisite on the September 2020, or later, SSU. This SSU contained the changes that were needed to make devices compatible with the combined cumulative update package, enabling the servicing stack to:

  • Expand the contents of this package.
  • Orchestrate the install of a new SSU.
  • Proceed with installing an LCU using the updated version of servicing stack.

Normally, updates to the servicing stack improve reliability or address a vulnerability in the update process for the LCU, and they are effective immediately for the installation of the LCU packaged inside the combined update package type that carries the SSU. In rare cases, especially as we enhance this capability, there can be breaking changes in the interface between the servicing stack and the combined update package format. In these circumstances, an SSU that makes the servicing stack compatible with the new interface must be deployed prior to the combined (LCU + SSU) update.

Such a change occurred with the May 11, 2021 SSU which is included in the May 2021 Windows 10 monthly quality update (KB5003173) for Windows 10. Here we enhanced bootstrapping capability of servicing stack for offline servicing of the OS image. This introduced a dependency on a new interface, hence the June 2021 monthly quality update (KB5003637) included a prerequisite. While this had little to no impact on most organizations who regularly leverage monthly updates, or any impact on those who connect their devices directly to Windows Update, some organizations were negatively affected by this prerequisite. Therefore, today we are releasing a standalone SSU (KB5005260) that can be applied to Windows 10 devices that have not yet installed the May 2021 monthly quality update.

Going forward, we will strive to minimize any changes that require an SSU as a prerequisite, but if such a change occurs, we will make a standalone SSU available in addition to the combined monthly update to ensure easy manageability.

Please continue to share your thoughts

Thank you for your continued enthusiasm and feedback on making our improved servicing capabilities the best they can be. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro and @ariaupdated on Twitter, or visit the Windows Tech Community for more information.

 

10 Comments
JCStorbeck
Copper Contributor
‎Aug 10 2021 10:54 AM
‎Aug 10 2021 10:54 AM

When can we expect to see server 2019 SSU CU integration for Non-Insiders?  

 

Thank you!

0 Likes
Like
Reza_Ameri
Silver Contributor
‎Aug 10 2021 11:03 AM
‎Aug 10 2021 11:03 AM

Thank you for sharing and that would be great , we need to test it and see how it goes. 

However, it make our jobs much easier.

0 Likes
Like
Maniimi
Copper Contributor
‎Aug 10 2021 07:10 PM
‎Aug 10 2021 07:10 PM

Devices running Windows 10, version 1909 will first need the June 15, 2021 cumulative update for .NET Framework 3.5 and 4.8 (KB5003974) or later.

It seems that KB5003974 is June "Servicing Stack Update".

Thank you.

0 Likes
Like
ihabab
Microsoft
‎Aug 11 2021 12:56 AM
‎Aug 11 2021 12:56 AM

That is really good news and will probably decrease the SSU nightmare tons of my customers are facing

0 Likes
Like
MSAPic
Copper Contributor
‎Aug 12 2021 03:13 AM
‎Aug 12 2021 03:13 AM

Hello @Aria Carley ,

 

It seems this feature doesn't work properly when Express Update is enabled in WSUS.

Scenario to reproduce the bug :

  • PC : Windows 10 20H2 with the last standalone SSU installed by WSUS KB5005260
  • Reboot the PC
  • Assign in WSUS the CU KB5005033 to the PC

 

During the scan WSUS detected the KB5005033, it was downloaded and "installed very quickly".

No user notification for the reboot and the update build revision (UBR) is not changed !
I think the KB is not installed.

Thank for your support and feedback.


0 Likes
Like
abbodi1406
Steel Contributor
‎Aug 12 2021 04:41 PM
‎Aug 12 2021 04:41 PM

Hello @Aria Carley ,

 

i would like to report and issue with SSU-19041.1145 and SSU-19041.1161

both are not compatible for offline servcing (update) 1904x images on downlevel Host OS (Windows 10 1809 or earlier)

it only work when Host OS is Windows 10 2004 or later

Failed to create offline session from servicing stack at F:\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1161_none_2211db1ec415c341 - CDISMPackageManager::CreateCbsSession(hr:0x80004001)

 

the last one to works well on downlevel Host OS is SSU-19041.1081
it's actually still works well to install 2021-08 LCU into 1904x install.wim

 

all SSU for Windows 11 (22000) and Server 2022 (20348) work fine too

0 Likes
Like
Malte
Brass Contributor
‎Aug 13 2021 01:08 AM
‎Aug 13 2021 01:08 AM

a seperated WSUS Category for SSU would be usefull, so you could e.g autogrant SSUs while you be able to grant LCUs manually, or vice versa, you can exclude SSU from sync if you do not need due you patch all sys monthly and do not like to be spoiled by SSU enties in WSUS

0 Likes
Like
Malte
Brass Contributor
‎Aug 13 2021 01:16 AM
‎Aug 13 2021 01:16 AM

Dear @MSAPic 
we have similar issue. Even with the cumulative patches of 2-3 month before. Why you point to express update? Does it work correctly when this option is disabled?

MSAPic
Copper Contributor
‎Aug 13 2021 08:41 AM
‎Aug 13 2021 08:41 AM

Hello @Malte 


Thanks for your message. Much appreciate.

 

Other persons have the same issue in Reddit 

https://www.reddit.com/r/SCCM/comments/p2p2h9/august_ssu_and_cu_issues_on_machines_missing_may/ 



Malte
Brass Contributor
‎Aug 16 2021 12:07 AM
‎Aug 16 2021 12:07 AM

Hi  @MSAPic 

just to highlight: We are not affected by the issue that we have clients older than 05-2021 so they could not patch. (which should be fixed by latest SSU)
We have several client which already have 05-2021 / 06-2021 or 07-2021 patch level and do not patch to 08-2021.  (or in the month before 06>07-2021)
All these affected clients show the effect as also other reported, they seems to patch the LCU but too fast and do not want to reboot.
Even if you manually reboot. The OS versions stays old, so systems are still unpatched. 
Unfortunally, disabling expess updates on our WSUS seems not to have any effect to this issue.

Co-Authors
Version history
Last update:
‎Aug 11 2021 08:38 AM
Updated by: