Managed to completely confuse WU.

Hi.

Here's a interesting way how to completely confuse WU:

1. Install a fresh XP with SP2, and point it to a WSUS SP1 server, that
has pretty much everything approved for XP, except SP3 yet. The GPO is
configured to download patches, but notify (no automatic install).

2. See how the WU client and MSI installer update themselfs. Reboot.

3. After a short while, WU reports (via the tray icon), that there are
90 Updates pending. Do *not* install them.

4. Go to the WSUS server, and approve (and let it download) SP3.

5. Let the whole thing sit for the night.

6. Come in the next morning, and look at the XP machine. See the tray
icon, and note how it's unresponsive. Unresponsive means, the icon is
there, but when you click it, all that happens is that it vanishes from
the tray for a few minutes, and then comes back, only to still behave
exactly the same when you click it again.
This is actually an issue I have seen *often* before on machines
(servers mostly) that had been sitting around a long time with the tray
notification, but haven't actually been patched. So obviously, when
there's a significant change in the necessary patches (e.g a new patch
tuesday gone by or the approval status for many patches chnaged), the
wuau tray icon breaks.

Check windowsupdate.log, and notice how according to the log, new
updates, including the newly approved SP3, have indeed downloaded to the
machine during the night.

7. Stop the WUAU service, and start it again. *Now* it gets really
interesting. After a few minutes, the tray icon reappears, and is
actually responsive now. Good.
It also says only 21 updates are needed now, which, assuming SP3 is
included, would make sense. Open the WUAU client to check the list of
offered updates, and notice very surprised, that SP3 is *not* listed
amongst the 21 offered patches. Huh?

Also, notice, very surprised, that SP3 does *not* exist in
c:\windows\softwaredistribution anywhere, although (see above)
WindowsUpdate.log says it had succesfully downloaded it during the
night. In fact, the whole destination directory for SP3 stated in
windowsupdate.log doesn't even exist, but there's also no trace of SP3
anywhere else under softwaredistribution. Somehow, something must have
deleted it, or it was never succesfully downloaded in the first place,
which I highly doubt.

Just FWIW, we're still talking about an absolutely *vanilla* Windows XP
here, meaning there is *no* software installed besides windows XP
itself, so don't even think some external process like AV or something
caused this.

8. Check on the WSUS server. It shows 23 patches (e.g two more) that
this workstation has downloaded (but not installed), one of the two
patches it shows in addition to the WS is indeed SP3.

9. Thoroughly check WindowsUpdate.log again, after restarting the whole
machine and force a detection. Notice that It reads "Found *22* updates
and 36....", but the tray still only shows 21 updates. So now we have
three different values. The WUAU client lists 21 patches, the
WindowsUpdate.log says it's 22, and the WSUS Server says it's 23.
Hmmm....


CU,
Massimo