- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
We can expect to see several major updates to Windows 10 each year. Keeping up with these updates can be very difficult depending on how they are treated. If you are like many IT administrators, you probably held off on the early releases and decided to let someone else sort through potential problems.
With another release on the horizon, you decided to catch up and enable the Upgrades classification. And that is where WSUS betrayed you.
The WSUS Upgrades button looks so innocent.
Without a bit of prep work, the WSUS environment doesn’t understand the components needed to download and deploy the Windows 10 upgrade. The upgrade has been downloaded but it has been saved to the WSUS database as a regular update.
This problem was preemptively fixed by installing the hotfix for KB 309511. Until recently, the instructions for remediating an environment without KB 309511 were not available. A few different methods of fixing this problem exist. The solution outlined below is the official response from the WSUS product team, with a bit more explanation.
The five steps steps below fix improper upgrades in WSUS below specifically show how to undo the damage caused by improper syncing of the Windows 10 1511 upgrade. You can modify these steps for future versions if needed.
Although you should do most steps in PowerShell, you can do some from the GUI if you prefer. The PowerShell commands use the UpdateServices module, and you should run them from an elevated PowerShell window on the WSUS server(s).
Step 1: Uncheck the Upgrades classification
The Upgrades classification will need to be disabled on your standalone WSUS server or your highest WSUS instance in your update hierarchy (the server that directly syncs with Windows Update). Simply uncheck the classification (as seen in the picture above) or run the following PowerShell command:
Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq “Upgrades”} | Set-WsusClassification -Disable
Step 2: Remove the improperly synced upgrade content
This next step involves deleting the actual Windows 10 upgrade files. You will need to use PowerShell for this step. You’ll need to repeat this step on every WSUS server in your environment. Start from the highest server and work down.
In the second line, note the version number that is being queried. If you are having issues due to an upgrade that is not version 1511, you will need to change this line.
$s = Get-WsusServer $s.SearchUpdates(“version 1511, 10586”) | foreach { $s.DeleteUpdate($_.Id.UpdateId) }
Step 3: Install the hotfix for KB 3095113
You can download the hotfix from here: https://support.microsoft.com/en-us/kb/3095113 . If you haven’t read up on exactly what this hotfix does (and why it was released as a hotfix in the first place), read this explanation. As a precaution, reboot the WSUS server after applying this update.
Step 4: Enable the Upgrades classification
We are back to a supported WSUS state now, and the environment is ready to handle the new format for upgrades. Re-enable the Upgrades classification on your top WSUS server by using the GUI or the following PowerShell command:
Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq “Upgrades”} | Set-WsusClassification
Step 5: Sync your WSUS server
The final step is to perform a full sync on your top WSUS server. To do this, run the following PowerShell commands from that server:
$sub = $s.GetSubscription() $sub.StartSynchronization()
With that, your environment should be fully compliant and able to deploy the latest Windows 10 upgrade! If you have any issues (or improvements to this process), let us know in the comments below. You can read the original TechNet guidance here and here.
Hello,
very good article, but the upgrade is failed again. the client could not download the upgrade and get the error is 80240020, i have deleted the distro folder, but still have same problem.
Hi Ivo – are you trying to enable upgrades in WSUS or deploy the actual Windows 10 upgrade?
Well, nuts. KB3095113 is installed on the WSUS (Server 2012). The Updgrade box is checked. The Win10 components have downloaded. The Win10 upgrade icon is showing up on the clients. (All in that order.)
But the upgrade doesn’t deploy. Clicking on the client Win10 upgrade icon offers one option to install the upgrade for unmanaged clients and tells the user to see their admin for managed systems. Even though they are managed systems, I tried installing from the client. The process starts, them immediately terminates.
Thank you for the article. Almost everything works after following your guide, except hwne i create a ‘Servicing Plans’ i don’t get any results through the Preview button in ‘Upgrades’ tab. My search criteria was Language: “English” or any other criteria i select. I do see 256 updates in “All Windows 10 Updates” under the “Windows 10 Servicing” folder.
Anyone know whats the problem is?
Using WID with WSUS on a indows 2012R2.
Removing improperly synced synced content ends with following error:
Exception calling “DeleteUpdate” with “1” argument(s): “spDeleteRevision: cannot delete revisionid: 110986 because it
is still deployed to a Non DSS Target Group
spDeleteUpdate got error from spDeleteRevision
spDeleteUpdateByUpdateID got error from spDeleteUpdate”
At line:1 char:53
+ $s.SearchUpdates(“version 1511, 10586”) | foreach { $s.DeleteUpdate($_.Id.Update …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SqlException
Exception calling “DeleteUpdate” with “1” argument(s): “spDeleteRevision: cannot delete revisionid: 95726 because it
is still deployed to a Non DSS Target Group
Re-Indexing did not help….. anyone know what to do?
spDeleteUpdate got error from spDeleteRevision
spDeleteUpdateByUpdateID got error from spDeleteUpdate”
At line:1 char:53
+ $s.SearchUpdates(“version 1511, 10586”) | foreach { $s.DeleteUpdate($_.Id.Update …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SqlException
Solved:
Had to identify which updates are revisionid and unapproved them in WSUS.
What needs to be changed to have this apply to 1607’s Anniversary update?
I don’t think anything has to be changed, Michael.
Windows 2012 R2 server, WSUS role installed using WID database
Logged onto server as domain admin.
The Get-WsusServer command fails, returning a 403 Forbidden error.
Same result if you include option for portnumber 8530.
Domain Admins group is a member of the server’s WSUS Administrators group.
If issuing the Get-WsusServer with -usessl option and portnumber 8531, the connection is refused.
Very goog article, but step 3 – install KB3095113 – is not possible. MS provides only Windows8.1-KB3095113-v2-x64.msu package in 5 variants, but no one si aplicable on win 2012 R2 server.
To apply this update in Windows Server 2012 R2, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355). – I have it installed.
KB3095113 has been superseded by KB4025336 and KB4034681. If you have installed either one of the two KBs, you don’t need to install KB3095113 any more. … I don`t have nothing from these, no one is aplicable on Win 2012 R2 server. Only exist for Windows 8.1.
Still I`m not able use WSUS server on Win 2012 R2 server for Windows 10 workstations.