Installation and Patching

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Update WSUS to allow Azure Active Directory Authentication

    Can WSUS be updated to use Azure Active Directory Authentication in addition to Windows Integrated? I'd love to be able to offload the WSUS database into the Azure Cloud Database As A Service - SQL Database offering.

    As an added bonus, it would also be great if it could also use Azure's new 'Managed Identity Provider' so that, if I have WSUS hosted on an Azure VM, it can just grab needed authorizations through there.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Patch Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Provide new Update KB4072650 and 4057903 or scrap it alltogether

    The server works fine without the update. So why do we need it??

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Windows Update  ·  Flag idea as inappropriate…  ·  Admin →
  3. installation of kb4038777 on 2008 R2 domain controllers causes LDAP to break for certain applications.

    after much troubleshooting this morning, we were forced to uninstall kb4038777 on our 2008 r2 domain controllers and restart them. it appears LDAP authentication is failing over port 389 for a handful of our applications, as well as our production mailarchiva instance.

    was curious if anyone else had seen / experienced similar.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
  4. KB4035036 - .NET Preview August 2017 for .NET 4.6.1 installs .NET 4.7 DLLs

    Hi All,

    it looks like that ndp46-kb4033990-x64 one of the Updates included in
    KB4035036-August 2017 Preview of the Quality Rollups for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (https://support.microsoft.com/kb/4035036)

    patches the wrong .NET 4.6.1 DLLs on a Windows 2008 R2 Server.

    Registry sill says .NET 4.6.1 (394271) is installed, but

    the new patched files have a signature from 4.7.
    For e.g: mscorlib.dll has after the patch 4.7.2106.0.

    There a some third-party products, that have problems with .NET 4.7, like OpenEdge Progress.(https://knowledgebase.progress.com/articles/Article/gui-net-application-crashes-after-net-upgrade-to-4-7).

    And after…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support WsusContent folder dedup in Server OS.

    It sure would be nice if the WsusContent folder would work with the dedup in Server OS. With Express Updates enabled for Windows 10 deltas this folder grows and grows. Performing a few test cases dedup saves 50% or more however it breaks WSUS.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
  6. NoAutoRebootWithLoggedOffUsers - Windows Server OS

    Considering the server availability, we administrators are not getting downtime as we desired. So, Microsoft should give the support for server OS to prevent the reboot the server in logged-off mode after windows update installation. I have a suggestion that I'm giving below. If it is possible, it is very helpful to the world of Windows administrators. Add the registry value in server at least in all available server operating systems

    [HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

    "NoAutoRebootWithLoggedOffUsers"=dword:00000001

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Windows Update  ·  Flag idea as inappropriate…  ·  Admin →
  7. KB3213986 Causes Logon Failures When Starting BITS Service - Please fix

    After installing update KB3213986 on Server 2016 Desktop Experience, a failed logon is logged every time the BITS service is started.

    Failed Logon Event:
    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 2/27/2017 1:27:10 PM
    Event ID: 4625
    Task Category: Logon
    Level: Information
    Keywords: Audit Failure
    User: N/A
    Computer: PLB-DXX-TP01.dev-products.local
    Description:
    An account failed to log on.

    Subject:

    Security ID:        SYSTEM
    
    Account Name: PLB-DXX-TP01$
    Account Domain: DEV-PRODUCTS
    Logon ID: 0x3E7

    Logon Type: 5

    Account For Which Logon Failed:

    Security ID:        NULL SID
    
    Account Name: -
    Account Domain: -

    Failure Information:

    Failure Reason:     An Error occured during Logon.
    
    Status: 0xC0000073
    Sub Status: 0xC0000073
    34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
  8. KB4015553 on Windows Server 2012 R2 with SQL 2008 R2 creates System Kernel Process Handle/Thread Leak

    KB4015553 on a Windows Server 21012 R2 with SQL 2008 R2 creates a System Kernel Process Handle/Thread Leak. It is easy to see in the Task Manager after adding the Handle/Thread count columns. The counts increase nearly 1 per second until the OS and system is unresponsive and collapses.

    Another indicator is in the event logs, 4231 events appear: Description:
    A request to allocate an ephemeral port number from the global TCP
    port space has failed due to all such ports being in use.

    But the ephemeral port alert is not the root cause.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add Windows Update Group Policy Feature to allow clients to download approved updates directly from Microsoft

    I have a local WSUS server, it stores all my updates for my local users, I approve the updates and everything is great. At the same time I have bunch of remote offices that have faster WAN connections than VPN/MPLS.

    I can setup a second WSUS server, point it at my upstream server at HQ and tell it to not store the updates. All clients connecting to this server will fetch updates from Microsoft.

    Why not make this a simple binary GPO overwrite instead of adding the complexity?

    Force client to fetch windows update binaries from Microsoft

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
  10. BUG: Cleaning up WID for WSUS on Windows 2008 R2 causes DB timeouts

    this is a known bug but I think rather than reindexing and cleaning up the WSUS DB with a SQL script you could fix this programmatically.

    The issue is know an happens during the first stage of the wizard when cleaning up old updates.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
  11. Implement GUI and easier XML rule creation for USMT (Windows 10 ADK)

    It is cool to see that ADK will be updated with every new Windows 10 release but USMT seems to complicated for new admins.

    Please implement a GUI and a visual creation for the XML files to control this service.

    I personally don't want to study a book to make it work right.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployment & Installation  ·  Flag idea as inappropriate…  ·  Admin →
  12. WSUS does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

    WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

    . Background
    WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

    Problem Description
    This creates a fair amount of confusion as we know these are Server 2016 systems but we can’t be certain that they’re being updated properly without examining each system to ensure it has the current platform-specific updates

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
  13. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Windows Update  ·  Flag idea as inappropriate…  ·  Admin →
  14. PowerShell for Windows Deployment Services lacking and/or broken

    Trying to automate the process of building boot image and installation image into WDS. It is nice to see some PowerShell commands, but there are still things that appear not to be possible to do with PowerShell and must resort to WDSutil. For example, I cannot find a cmdlet to create a new driver group. I have to issue the wdsutil command to create the driver group. I can then add all my drivers into the group using PowerShell, but then there does not appear to be a way to use PowerShell to filter the drivers by group to be…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WDS & MDT  ·  Flag idea as inappropriate…  ·  Admin →
  15. Get-WsusComputer -ComputerUpdateStatus failed -ComputerTargetGroups clients <-- this lists ALL in the target group, instead of only those

    Get-WsusComputer -ComputerUpdateStatus failed -ComputerTargetGroups clients <-- this lists ALL in the target group, instead of only those that have status=failed

    Same result if I use -IncludedInstallationStates Failed too.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
  16. Remove supersedence logic from Server 2012 R2 security patches

    Currently the non quality security updates are superseded by the security quality updates. This causes most of the standard reporting to break for companies that do not need or want the quality updates for security patches. 3rd party scanners also will show servers as non patched if a company only installs the non quality package. Please do not set the quality updates to supersede the non quality updates. This will prevent companies from having to spend large amounts of development time to rework their processes that worked for several years.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
  17. KB3159706 make WSUS console crash.

    After install KB3159706, WSUS console can't be opened. Need to do post installation action. It did make trouble. At firs, user doesn't know what cause this problem. After spending time to search for solution, user figure out that this problem is caused by KB3159706. It waste user's time. It's better to have a way to warning user that there is known issue in the update patch when user install the update patch.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
  18. IIS logging for WSUS

    Minimize number of 500 errors in IIS logs due to recycling of WSUS AppPool during client scans as it causes excessive false positives in monitoring systems.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WSUS  ·  Flag idea as inappropriate…  ·  Admin →
  19. Windows Deployment Services should not need the GUI

    As the title says, at the moment it is impossible to install WDS in server core mode, I personally would like to have a PXE server on a server core instance

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WDS & MDT  ·  Flag idea as inappropriate…  ·  Admin →
  20. Configuration process - wait for Update to complete, before "auto-restart"

    Hi Dev Team,

    Configuration process (Add / Remove Roles) should check if Updates are being downloaded / installed, before restarting the system.

    Cheers

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Patch Behaviors  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base