4

server based on Windows Server 2008 R2 Service pack 1 (x64) with installed .NET Framework 4.0 does not apply patch KB2416472 which is approved in WSUS.

Looking at the report in WSUS for this server I see the following entry for this patch:

Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2416472)

Security Updates

Install

Not Applicable

I believe the Not Applicable is the problem - it might have to do with that line saying nothing about SP1. However MS10-070 states that the patch is applicable also for Windows Server 2008 R2 for x64-based Systems Service Pack 1

I've checked the windowsupdate.log file on the machine and there are no references to KB2416472.

Update 1: WSUS version 3.2.7600.226

Update 2: Patch installs manually without problems.

Any ideas?

blank3
  • 2,157
  • 1
  • 15
  • 14
  • 1
    Have you tried installing the patch manually? – DanBig Nov 08 '12 at 13:30
  • windows should log out some more information in event viewer. I would have a look in there. If you find anything more, paste it here. Make sure you have .NET Framework "Full" SKU and not the Client Profile. – Sc0rian Nov 08 '12 at 14:22
  • @DanBig: patch installed manually worked. – blank3 Nov 08 '12 at 18:49
  • @Sc0rian: I'll check the logs. I'm not sure on the logic of updates. Its probably WSUS that knows what is appropriate for a specific client. If that is the case WSUS decided that it is not applicable and the EventViewer will not have any information. I've searched for KB2416472 but found nothing. I'll try to search for update GUID in the logs. – blank3 Nov 08 '12 at 18:50
  • 1
    @Sc0rian and blank3, there will be nothing in the client logs, since the client doesn't try to install the update. The reason is explained in my answer below. This is the normal and expected behavior of a Windows Update that has been superseded before all of the clients have had a chance to install it. It's no longer necessary since the fixed are rolled up into a later update, so they don't try to install, but it's still downloaded and available on your server, so it's placed into the "Not Applicable" categorization. – MDMarra Nov 08 '12 at 18:54

1 Answers1

6

That update was superseded by KB2656351. Superseded updates are marked as "Not Applicable" if they were not installed before the superseding update was introduced into the environment, since that update contains this fix in addition to new ones..

When looking at the update itself, the WSUS console should tell you that it is superseded and what the superseding update is. I don't have a WSUS server in front of me, so this random screenshot from google images will have to suffice :)

enter image description here

MDMarra
  • 100,183
  • 32
  • 195
  • 326
  • many thanks for the help!I do not see update KB2656351 (it is not superseeded and is approved) installed on my servers though; even though WSUS reports they we're installed there. – blank3 Nov 08 '12 at 19:49
  • I do have to wait with bounty for some reason though... – blank3 Nov 08 '12 at 19:50
  • That update (in it's standalone form anyway) is distributed in .exe format instead of the usual .msu, so I'm not sure where exactly it would show up. Perhaps `wmic qfe get HotFixID|find "KB2656351"` will show it? .NET SPs and security updates are weird, that's for sure. – MDMarra Nov 08 '12 at 19:56
  • The command you specified does not show it. Both updates state in the **Removal information** section that they can be removed using **Program and Features**. It could mean that one should remove the whole .NET... :) – blank3 Nov 09 '12 at 07:41