
01 November 2017

Windows Update Error: 80243004

Recently I was running Windows Update on a client's server, and I encountered the following error message:

Luckily this is a nice and easy fix.

1. Right-click the taskbar and click Properties

2. Click Customize

3. Tick Always show all icons and notifications on the taskbar

Once you've done that, simply click Try Again and it should work for you now.

29 September 2016

Windows 7 hanging on 'Checking for Updates'

Recently I've had to install a fresh copy of Windows 7 in order to build up a SOE for a client.  The first thing I realised is that there's an update for the Windows Update agent itself.  DON'T DO THIS UPDATE!  Whatever you do!  

This will update the Windows Update agent to version 7.6.7600.320. There are many issues that have been documented with this version. The most important, I would say, is that you suddenly can no longer search for Windows Updates. If you check for new updates, it will sit there saying "Checking for Updates" indefinitely.

When imaging a new machine, ensure that you don't have it connected to the network, and when it asks to install updates, click "Ask me later". Once you've done that, you will need to install two Windows Updates. You will need to download these from another computer, and the best idea is to copy them over on a USB drive.

They are the following updates:

1. KB3020369

2. KB3172605


Make sure you install these updates in that order as well.  Once you've installed these updates, reboot your computer and then you will be able to go through and start downloading Windows Updates like normal. 

17 June 2016

GPOs no longer being applied

Recently a client of mine advised they had a few issues with their GPOs suddenly not applying.  After looking through what the issue could be, we added Authenticated Users to the permissions list and gave them 'read' permissions.  This suddenly resolved the issue.

Authenticated Users didn't have permission before, as it was locked down by Security Group.  I hadn't made any changes to the GPO and neither had the IT team onsite.  This prompted me to look into this further.

Upon investigation, I found that this was caused by a Windows Update (https://support.microsoft.com/en-us/kb/3163622).  The update details are the following:

Known issues
MS16-072 changes the security context with which user group policies are retrieved. This by-design behavior change protects customers’ computers from a security vulnerability. Before MS16-072 is installed, user group policies were retrieved by using the user’s security context. After MS16-072 is installed, user group policies are retrieved by using the computer's security context. This issue is applicable for the following KB articles:
  • 3159398 MS16-072: Description of the security update for Group Policy: June 14, 2016
  • 3163017 Cumulative update for Windows 10: June 14, 2016
  • 3163018 Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016
  • 3163016 Cumulative Update for Windows Server 2016 Technical Preview 5: June 14 2016

Symptoms

All user Group Policy, including those that have been security filtered on user accounts or security groups, or both, may fail to apply on domain joined computers.

Cause

This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.

Resolution

To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:
  • Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
  • If you are using security filtering, add the Domain Computers group with read permission.
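The check described in the Cause and Resolution sections can be run across every GPO in the domain. The following is an added example, not part of the original post or the Microsoft article; it assumes the GroupPolicy module from RSAT, and it matches trustees by SID (S-1-5-11 for Authenticated Users, RID 515 for Domain Computers) so that it also works on non-English domains.

```powershell
# Added example: report GPOs that neither Authenticated Users nor Domain Computers
# can read, which is the condition MS16-072 turns into "policy silently not applied".
# On Server 2008 R2 the cmdlet is named Get-GPPermissions instead of Get-GPPermission.
Import-Module GroupPolicy

# Permission levels that include Read. GpoCustom is excluded because the cmdlet
# does not expose which rights a custom ACE grants; review those GPOs by hand.
$readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

function Test-TrusteeCanRead {
    param($Permissions, [string]$SidPattern)
    $hit = $Permissions | Where-Object {
        $_.Trustee.Sid.Value -like $SidPattern -and
        -not $_.Denied -and
        $readLevels -contains $_.Permission.ToString()
    }
    return [bool]$hit
}

$report = foreach ($gpo in Get-GPO -All) {
    $perms        = Get-GPPermission -Guid $gpo.Id -All
    $authUsers    = Test-TrusteeCanRead $perms 'S-1-5-11'
    $domComputers = Test-TrusteeCanRead $perms 'S-1-5-21-*-515'

    # Flag the GPO only when the computer account has no path to Read at all.
    if (-not ($authUsers -or $domComputers)) {
        $gpo | Select-Object DisplayName, Id, GpoStatus
    }
}

$report | Sort-Object DisplayName | Format-Table -AutoSize

# To fix one flagged GPO without widening who it applies to (Read only, no Apply):
# Set-GPPermission -Guid <GPO Id> -TargetName 'Authenticated Users' `
#     -TargetType Group -PermissionLevel GpoRead
```

Granting Read without Apply group policy lets the computer retrieve the GPO while the existing security filtering still decides which users it applies to.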

27 April 2016

Windows 7 clients automatically rebooting for updates - no notification - WSUS

Recently I had a call from a client saying that they're having computers randomly reboot (without warning) to install Windows Updates.  All machines were Windows 7, and they were all on the client's domain.  They had WSUS installed and configured, with GPOs to define the backup settings etc.  In this case, the GPO stated that machines will automatically download and install updates at 4pm each day, and only reboot if there was no active user.

After checking the GPO, I was confident that the issue was not related to that, as it clearly stated that the computers won't be rebooting automatically.  I remoted into the workstations to ensure that they're actually applying the GPO (gpresult /r), which they were.  So it wasn't GPO, and it wasn't the workstations as far as I could tell.

I logged into WSUS itself, and checked the automatic approval settings.  That was all set up and was approving certain updates (such as Critical Updates and Security Updates etc).  When looking further down the Automatic Approval rules, I noticed that there had been a deadline set for installing the updates.


The deadline had been set for 5am on the same day that the Windows Updates were approved.  This means that when a workstation turns on in the morning (which is usually after 5am...), it will realise that it has some updates available.  Because it's already past the deadline, the workstation starts installing the updates as soon as it can, and applying them immediately.

The WSUS settings here override the GPO settings, so even though it may have been defined in the GPO to not reboot, the computer knows that it's already past its deadline to have these updates installed, so it ignores the remainder of the settings, and applies the updates straight away.  If the updates require a reboot, it will do the reboot immediately as well.  This was what was causing the 'random' rebooting of computers throughout the day.

To resolve this issue, one could change the deadline to perhaps allow a couple of days after the update has been approved, or in my case, completely remove the deadline requirement.  The GPO will get machines to install updates each day anyway, so it's not needed in this case.
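The same check can be scripted instead of clicking through each Automatic Approval rule. This is an added example, not from the original post; it assumes the UpdateServices module (Windows Server 2012 or later) run on the WSUS server, and the column name SameDayDeadline is made up for this report.

```powershell
# Added example: list WSUS automatic approval rules and any install deadline they set.
# A deadline with a day offset of 0 expires on the day of approval, so a client that
# checks in after that time installs (and reboots) immediately, regardless of GPO.
Import-Module UpdateServices

function Get-ApprovalRuleDeadline {
    param($Server)
    foreach ($rule in $Server.GetInstallApprovalRules()) {
        $deadline = $rule.Deadline
        if ($null -eq $deadline) {
            # Assumption: a rule without a deadline exposes a null Deadline property.
            $text    = 'none'
            $sameDay = $false
        }
        else {
            $time    = [TimeSpan]::FromMinutes($deadline.MinutesAfterMidnight)
            $text    = '{0} day(s) after approval at {1:00}:{2:00}' -f `
                           $deadline.DayOffset, $time.Hours, $time.Minutes
            $sameDay = ($deadline.DayOffset -eq 0)
        }
        [pscustomobject]@{
            Rule            = $rule.Name
            Enabled         = $rule.Enabled
            Deadline        = $text
            SameDayDeadline = $sameDay
        }
    }
}

$wsus = Get-WsusServer
Get-ApprovalRuleDeadline -Server $wsus | Format-Table -AutoSize
```

The rule described above (5am on the day of approval) would show as "0 day(s) after approval at 05:00" with SameDayDeadline set to True.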