Updates reported as needed when they are not.

Discussion in 'Update Services' started by Laxton22, Dec 6, 2005.

  1. Laxton22

    Laxton22 Guest

    I have some updates showing up under some of my clients that refuse to
    install. I left them alone for a few days to see if they would fix
    themselves, but after WSUS failed, I tried to install them myself manually by
    downloading the update from MS. However, I figured out that the machine did
    not even have the software installed that WSUS was trying to update (Outlook
    Express update KB837009 in this case). Anybody have a suggestion as to how
    to stop these updates from appearing when they are not really needed or what
    could cause this in the first place? I think that I have a 2 other machines
    doing the same for the MS VM update (816093). Thanks for any feedback.

    Michael
     
    Laxton22, Dec 6, 2005
    #1
    1. Advertisements

  2. Hi,

    KB837009 (MS04-013: Cumulative Security Update for Outlook Express) is
    superseded by newer OE updates. You should newer approve for
    installation IE and OE updates that are superseded by newer IE and OE
    updates, this is handled badly by the WSUS server/Automatic Updates
    client.

    I strongly recommend you to (at the WSUS admin console) manually
    decline all old Internet Explorer and Outlook Express cumulative
    updates.


    For Outlook Express:

    KB897715/MS05-030 (June 2005 Cumulative Security Update for OE)
    supersedes (replaces) the following (and any earlier) cumulative
    patches for OE:

    MS04-018: Cumulative Security Update for Outlook Express (823353)
    MS04-013: Cumulative Security Update for Outlook Express (837009)


    For Internet Explorer:

    KB896688/MS05-052 (October 2005 Cumulative Security Update for IE)
    supersedes (replaces) the following (and any earlier) cumulative
    patches for IE:

    896727 MS05-038: August 2005 Cumulative Security Update for IE
    883939 MS05-025: June 2005 Cumulative Security Update for IE
    890923 MS05-020: April 2005 Cumulative Security Update for IE
    867282 MS05-014: February 2005 Cumulative Security Update for IE
    889293 MS04-040: December 2004 Cumulative Security Update for IE
    834707 MS04-038: October 2004 Cumulative Security Update for IE
    867801 MS04-025: July 2004 Cumulative Security Update for IE
    832894 MS04-004: February 2004 Cumulative Security Update for IE
    824145 MS03-048: November 2003 Cumulative Security Update for IE
    828750 MS03-040: October 2003 Cumulative Patch for IE
    822925 MS03-032: August 2003 Cumulative Patch for IE
    818529 MS03-020: June 2003 Cumulative Patch for IE
    813489 MS03-015: April 2003 Cumulative Patch for IE
    810847 MS03-004: February 2003 Cumulative Patch for IE
    324929 MS02-068: December 2002 Cumulative Patch for IE
    328970 MS02-066: November 2002 Cumulative Patch for IE
    323759 MS02-047: August 22, 2002 Cumulative Patch for IE
    321232 MS02-023: May 15, 2002 Cumulative Patch for IE
    319182 MS02-015: March 28, 2002 Cumulative Patch for IE
    316059 MS02-005: February 11, 2002, Cumulative Patch for IE
     
    Torgeir Bakken \(MVP\), Dec 6, 2005
    #2
    1. Advertisements

  3. Laxton22

    Laxton22 Guest

    Ok, that makes sense. I just thought that WSUS would automatically go with
    the newer update and I hadn't really thought about them being superseded.
    Thanks for your help!
     
    Laxton22, Dec 6, 2005
    #3
  4. WSUS does, generally, automatically go with the newer update. That is the
    design of the detection engine in the WUA.

    Unfortunately, there is a known issue with Cumulative Updates for IE and OE,
    so it's necessary to work some manual magic on the approvals to keep the WUA
    from confusing itself.
     
    Lawrence Garvin \(MVP\), Dec 7, 2005
    #4
  5. I don't know for a fact that it's a /WSUS/ issue, so it may not be 'fixable'
    by a WSUS Service Pack.

    It could be a detection logic flaw in the packages being built by the IE/OE
    teams.

    It could be a flaw in the program logic of the WUA (which is where I suspect
    the flaw resides). We know of a couple of other issues where the WUA doesn't
    properly not-detect updates, the most famous being the 816093 MS VM update.

    However, I can say that the development of WSUS generally has included an
    updated WUA as successive code bases of WSUS were released. The WUA was
    updated when the RC was released, and also, when the "gold" code was
    released. The AU client was also updated as each service pack for the OS
    platforms was released.

    So based on historical behavior, I'd imagine an updated WUA will appear when
    SP1 comes around.
     
    Lawrence Garvin \(MVP\), Dec 7, 2005
    #5
  6. Laxton22

    Hank Arnold Guest

    This has probably been already asked and answered, but could you describe
    the "manual magic"? TIA...
     
    Hank Arnold, Dec 9, 2005
    #6
  7. Yeah... mark the superceded Cumulative Updates as "Not Approved" on the WSUS
    Admin Console. :)
     
    Lawrence Garvin \(MVP\), Dec 10, 2005
    #7
  8. Laxton22

    Hank Arnold Guest

    Ah.............................. Brain freeze has been cleared.... ;-)
     
    Hank Arnold, Dec 11, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.