2021-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5003171): Not Applicable

%3CLINGO-SUB%20id%3D%22lingo-sub-2348388%22%20slang%3D%22en-US%22%3E2021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%3A%20Not%20Applicable%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2348388%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3E2021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%20is%20downloaded%20in%20WSUS%20and%20approved%20for%20installation.%20It%20is%20showing%20not%20applicable.%20I%20have%20tons%20of%20Windows%20Server%202019%20servers.%3C%2FSPAN%3E%3C%2FP%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EI%20have%20two%20separate%20WSUS%20on%20different%20environment%20and%20both%20showing%20the%20same%20status%20as%20not%20applicable.%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EAnyone%20seeing%20this%20issue%3F%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EThanks%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2348542%22%20slang%3D%22en-US%22%3ERe%3A%202021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%3A%20Not%20Applica%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2348542%22%20slang%3D%22en-US%22%3E%3CP%3EFound%20the%20answer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPrerequisite%3A%3C%2FP%3E%3CP%3EYou%26nbsp%3B%3CSPAN%3Emust%26nbsp%3B%3C%2FSPAN%3Einstall%20the%20May%2011%2C%202021%20servicing%20stack%20update%20(SSU)%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb5003243-servicing-stack-update-for-windows-10-version-1809-may-11-2021-0941fe82-b9f4-40fb-845d-63e70c1f9242%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EKB5003243%3C%2FA%3E)%20or%20later%20before%20installing%20the%20latest%20cumulative%20update%20(LCU).%26nbsp%3BSSUs%20improve%20the%20reliability%20of%20the%20update%20process%20to%20mitigate%20potential%20issues%20while%20installing%20the%20LCU%20and%20applying%20Microsoft%20security%20fixes.%20For%20general%20information%20about%20SSUs%2C%26nbsp%3Bsee%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fdeployment%2Fupdate%2Fservicing-stack-updates%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EServicing%20stack%20updates%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fservicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EServicing%20Stack%20Updates%20(SSU)%3A%20Frequently%20Asked%20Questions%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2352114%22%20slang%3D%22en-US%22%3ERe%3A%202021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%3A%20Not%20Applica%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2352114%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10806%22%20target%3D%22_blank%22%3E%40Tamang%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInteresting.%20I'm%20seeing%20the%20same%20issue%20where%20my%202019%20servers%20are%20showing%20this%20update%20as%20%22Not%20Applicable%22%20when%20checking%20against%20my%20Wsus.%20However%20if%20I%20check%20against%20MS%20update%20servers%2C%20it%20does%20label%20the%20update%20as%20needed%2C%20and%20doesn't%20flag%20the%20servicing%20stack%20update%20you%20mentioned.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20if%20this%20is%20true%20about%20the%20order%2C%20that%20adds%20a%20lot%20of%20complexity%20into%20people's%20GPO%20settings%20for%20updates%20as%20GPOs%20only%20allow%20us%20one%201%20designated%20time%20to%20install%20updates%2C%20not%20two.%20I%20would%20have%20expected%20that%20before%20the%20roll%20ups%20when%20there%20were%20a%20ton%20of%20updates%20per%20month.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'll%20update%20if%20I%20can%20find%20out%20anything%20else.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2354840%22%20slang%3D%22en-US%22%3ERe%3A%202021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%3A%20Not%20Applica%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2354840%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20like%20if%20I%20approve%20both%20the%20servicing%20stack%20update%20and%20the%20cumulative%20update%2C%20they%20both%20get%20installed%20by%20clients%20when%20checking%20for%20updates%2C%20even%20if%20the%20cumulative%20doesn't%20show%20as%20needed%20in%20the%20Wsus%20console.%20So%20just%20approve%20both%20as%20normal!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2370999%22%20slang%3D%22en-US%22%3ERe%3A%202021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%3A%20Not%20Applica%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2370999%22%20slang%3D%22en-US%22%3E%3CP%3EUnfortunately%20this%20new%20behavior%20breaks%20a%20smooth%20patchday%20with%20SCCM%2FMECM.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20month%20we%20have%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStack%20update%3C%2FP%3E%3CP%3ECumulative%20Update%20(reboot%20required)%3C%2FP%3E%3CP%3E.Net%20Framework%20Update%20(reboot%20required)%3C%2FP%3E%3CP%3ESQL%202017%20CU%20Update%20(reboot%20required)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20what%20happen%20on%20server%20that%20need%20the%20stack%20update%2C%20CU%20and%20for%20example%20.Net%20Framework%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMECM%2FSCCM%20will%20detect%20and%20install%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStack%20update%3C%2FP%3E%3CP%3E.Net%20Framework%20Update%20(reboot%20required)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eand%20then%20waits%20for%20a%20reboot%20to%20install%20the%20Cumulative%20Update%20(reboot%20required)%20and%20then%20of%20course%20a%20second%20reboot%20is%20required....%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41501%22%20target%3D%22_blank%22%3E%40microsoft%3C%2FA%3E%3C%2FP%3E%3CP%3EPlease%20fix%20this....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2389309%22%20slang%3D%22en-US%22%3ERe%3A%202021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%3A%20Not%20Applica%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2389309%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1058657%22%20target%3D%22_blank%22%3E%40JtheBAB%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20had%20a%20similar%20issue.%26nbsp%3B%20We%20target%20patches%20that%20are%20listed%20as%20'required'%20by%20SCCM%20the%20Wednesday%20following%20Patch%20Tuesday%2C%20then%20apply%20them%20over%20the%20course%20of%20a%20week%20or%20so%20to%20various%20environments.%26nbsp%3B%20The%20cumulative%20patch%20didn't%20get%20detected%20by%20SCCM%20as%20being%20required%20until%20after%20the%20SSU%20was%20applied.%26nbsp%3B%20This%20consequentially%20missed%20our%20normal%20day%20we%20approve%20patches%20and%20schedule%20them%2C%20because%20it%20was%20not%20detected%20as%20'required'.%26nbsp%3B%20I%20don't%20recall%20having%20this%20issue%20with%20earlier%20monthly%20SSU%2FCumulative%20patches.%20So%20essentially%20we%20now%20have%20to%20have%20a%20special%20patch%20cycle%20to%20get%20all%20those%20that%20were%20missed%20due%20to%20this%20behavior.%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41501%22%20target%3D%22_blank%22%3E%40microsoft%3C%2FA%3E%26nbsp%3BCan%20we%20adjust%20this%20so%20that%20even%20w%2Fo%20the%20required%20SSU%20installed%20the%20cumulative%20patch%20still%20shows%20up%20as%20'Required'%3F%26nbsp%3B%20Thanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2431728%22%20slang%3D%22en-US%22%3ERe%3A%202021-05%20Cumulative%20Update%20for%20Windows%20Server%202019%20for%20x64-based%20Systems%20(KB5003171)%3A%20Not%20Applica%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2431728%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1064173%22%20target%3D%22_blank%22%3E%401ofmanyadams%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBetter%20patching%20experience%20this%20month.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ESSU%20installs%20first%20and%20goes%20to%20install%20the%20CU.%20Just%20one%20reboot.%20Great%20job%20MS....%20keep%20this%20way.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22w2k19-updates.png%22%20style%3D%22width%3A%20655px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F287531iA531B0B6A6932AD8%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22w2k19-updates.png%22%20alt%3D%22w2k19-updates.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

2021-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5003171) is downloaded in WSUS and approved for installation. It is showing not applicable. I have tons of Windows Server 2019 servers.

 
I have two separate WSUS on different environment and both showing the same status as not applicable. 
 
Anyone seeing this issue? 
 
Thanks
6 Replies

Found the answer.

 

Prerequisite:

You must install the May 11, 2021 servicing stack update (SSU) (KB5003243) or later before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

@Tamang 

 

Interesting. I'm seeing the same issue where my 2019 servers are showing this update as "Not Applicable" when checking against my Wsus. However if I check against MS update servers, it does label the update as needed, and doesn't flag the servicing stack update you mentioned.

 

Also, if this is true about the order, that adds a lot of complexity into people's GPO settings for updates as GPOs only allow us one 1 designated time to install updates, not two. I would have expected that before the roll ups when there were a ton of updates per month.

 

I'll update if I can find out anything else.

Looks like if I approve both the servicing stack update and the cumulative update, they both get installed by clients when checking for updates, even if the cumulative doesn't show as needed in the Wsus console. So just approve both as normal!

Unfortunately this new behavior breaks a smooth patchday with SCCM/MECM.

 

This month we have

 

Stack update

Cumulative Update (reboot required)

.Net Framework Update (reboot required)

SQL 2017 CU Update (reboot required)

 

So what happen on server that need the stack update, CU and for example .Net Framework?

 

MECM/SCCM will detect and install

 

Stack update

.Net Framework Update (reboot required)

 

and then waits for a reboot to install the Cumulative Update (reboot required) and then of course a second reboot is required....

 

@microsoft

Please fix this....

@JtheBAB 

 

We had a similar issue.  We target patches that are listed as 'required' by SCCM the Wednesday following Patch Tuesday, then apply them over the course of a week or so to various environments.  The cumulative patch didn't get detected by SCCM as being required until after the SSU was applied.  This consequentially missed our normal day we approve patches and schedule them, because it was not detected as 'required'.  I don't recall having this issue with earlier monthly SSU/Cumulative patches. So essentially we now have to have a special patch cycle to get all those that were missed due to this behavior.  @microsoft Can we adjust this so that even w/o the required SSU installed the cumulative patch still shows up as 'Required'?  Thanks.

@1ofmanyadams 

Better patching experience this month.


SSU installs first and goes to install the CU. Just one reboot. Great job MS.... keep this way.

w2k19-updates.png