
I have multiple Windows Server 2012 R2 servers running on Azure (IaaS VMs). We perform monthly maintenance on these servers via Ansible; this includes Windows updates (recommended and critical updates).

This works for 90+% of our servers, but some servers consistently claim they never have anything to download/install:

2016-06-07 13:09:14Z Creating Windows Update session...
2016-06-07 13:09:14Z Create Windows Update searcher...
2016-06-07 13:09:14Z Search criteria: (IsInstalled = 0 AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (IsInstalled = 0 AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4')
2016-06-07 13:09:14Z Searching for updates to install in category IDs 0FA1201D-4330-4FA8-8AE9-B877473B6441 E6CF1350-C01B-414D-A61F-263D14D133B4...
2016-06-07 13:10:51Z Creating update collection...
2016-06-07 13:10:51Z Found 0 updates   <--- !!! this is not right !!!
2016-06-07 13:10:51Z Calculating pre-install reboot requirement...
2016-06-07 13:10:52Z Scheduled job completed with output: 
Name                           Value
----                           -----
reboot_required                False
changed                        False
updates                        {}
installed_update_count         0
found_update_count             0

  • Updates are configured to be manual (so that we can orchestrate updates download and reboots)
  • Other servers, running the same software versions and having the same config, do get updates
  • We performed update cache cleanup (removed C:\Windows\SoftwareDistribution content and restarted Windows Update service), problem remains.

Any idea on how to get these recommended updates downloaded?

EDIT -- Looks like it was an Azure issue. I contacted support, they checked and managed to update one of the failing servers ... and now all the servers are getting updates:

2016-06-27 07:36:25Z Creating Windows Update session...
2016-06-27 07:36:25Z Create Windows Update searcher...
2016-06-27 07:36:25Z Search criteria: (IsInstalled = 0 AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (IsInstalled = 0 AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4')
2016-06-27 07:36:25Z Searching for updates to install in category IDs 0FA1201D-4330-4FA8-8AE9-B877473B6441 E6CF1350-C01B-414D-A61F-263D14D133B4...
2016-06-27 07:36:55Z Creating update collection...
2016-06-27 07:36:55Z Found 11 updates
2016-06-27 07:36:55Z Adding update 725ba22c-7559-49d3-bfbd-d51622148d0c - Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB3160005)
2016-06-27 07:36:55Z Adding update d299f2c3-98fc-4266-ba0c-0c600fbcd70e - Security Update for Windows Server 2012 R2 (KB3161561)
2016-06-27 07:36:55Z Adding update d9f4e1b5-4477-4d83-8c27-111ce0e88dd8 - Security Update for Windows Server 2012 R2 (KB3159398)
2016-06-27 07:36:55Z Adding update ffffb2de-746f-45ec-989e-31c322837654 - Security Update for Windows Server 2012 R2 (KB3164035)
2016-06-27 07:36:55Z Adding update 5f64a7d0-006a-472e-996c-0cc66d6a8c9c - Security Update for Windows Server 2012 R2 (KB3161664)
2016-06-27 07:36:55Z Adding update 67a00639-09a1-4c5f-83ff-394e7601fc03 - Security Update for Windows Server 2012 R2 (KB3161949)
2016-06-27 07:36:55Z Adding update 96bb2a20-1151-46a5-90a8-51d8fd0b0d40 - Security Update for Windows Server 2012 R2 (KB3161958)
2016-06-27 07:36:55Z Adding update 686a00df-9ffb-4c1d-89b9-e19b46459f27 - Security Update for Windows Server 2012 R2 (KB3164033)
2016-06-27 07:36:55Z Adding update b62535f0-d013-4c32-97fd-deda038637b0 - Security Update for Windows Server 2012 R2 (KB3157569)
2016-06-27 07:36:55Z Adding update 8ec013ae-5302-471d-a369-b4fa407bc088 - Security Update for Windows Server 2012 R2 (KB3164294)
2016-06-27 07:36:55Z Adding update ba0f75ff-19c3-4cbd-a3f3-ef5b5c0f88bf - Security Update for Windows Server 2012 R2 (KB3162343) 
Olivier Dauby
  • Possible duplicate. A couple other things here you might try: http://serverfault.com/questions/521981/wsus-client-detecting-0-updates – Clayton Jun 07 '16 at 15:25
  • Thanks, I checked. These "wuauclt /resetauthorization" and "wuauclt /detectnow" do not help. That question refers to the same symptom but the solution just does not work for my case. At this stage I'm unsure if this is a Windows Server or Azure issue... – Olivier Dauby Jun 08 '16 at 10:29
  • Have you tested connectivity from those servers to the update URLs? – CtrlDot Jun 09 '16 at 03:01
  • Those servers apparently have access to the update URLs since the *optional* updates are listed and downloadable. – Olivier Dauby Jun 09 '16 at 16:20

1 Answer

Are you using your own WSUS server, or just the public Windows Update server?

In April of 2014 this non-sec, monthly rollup was released. It is a prerequisite for any future sec updates to be applied. https://support.microsoft.com/en-us/kb/2919355

All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require this update to be installed.

It was kind of botched, and created other problems...
See https://support.microsoft.com/en-us/kb/2959977

Some computers that have the Windows 8.1 and Windows Server 2012 R2 Update (KB 2919355) installed stop scanning...

Depending on the release date of your 2012 R2 install media, 2919335 may or may not be present. There are some DISM commands to add it to older media; I think it was incorporated into media released after April 2014.

Clayton
  • Public Windows Update Servers (this is the default on Azure). The servers having the issue have been provisioned Q1&Q2 2016, so I assume this is not related to changes introduced in April 2014. – Olivier Dauby Jun 09 '16 at 16:28
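
Added example, not part of the original thread: a PowerShell diagnostic that repeats the filtered search from the question's log through the Windows Update Agent COM API, compares it with an unfiltered search, and reports the two things the answer asks about (a WSUS policy and the KB2919355 rollup). The function name `Test-UpdateScan` and the `Suspect` field are hypothetical; the category IDs are the ones in the log above.

```powershell
# Added diagnostic sketch; Test-UpdateScan is a hypothetical name, not from the thread.
function Test-UpdateScan {
    # Category IDs copied from the "Search criteria" log line in the question.
    $categories = '0FA1201D-4330-4FA8-8AE9-B877473B6441',
                  'E6CF1350-C01B-414D-A61F-263D14D133B4'
    $criteria = ($categories | ForEach-Object {
        "(IsInstalled = 0 AND CategoryIDs contains '$_')"
    }) -join ' OR '

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()

    # Same filtered search the maintenance job runs, then an unfiltered one to compare.
    $filtered = $searcher.Search($criteria)
    $all      = $searcher.Search('IsInstalled = 0')

    # WSUS policy value; when it is absent the public Windows Update service is used.
    $policy = Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

    # Prerequisite rollup named in the answer. Get-HotFix may not list a rollup
    # that was integrated into the install media, so False is a hint, not proof.
    $rollup = Get-HotFix -Id 'KB2919355' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        WsusServer       = if ($policy.WUServer) { $policy.WUServer } else { '(none)' }
        ServerSelection  = $searcher.ServerSelection  # 0 default, 1 managed, 2 Windows Update
        KB2919355Listed  = [bool]$rollup
        FilteredCount    = $filtered.Updates.Count
        FilteredResult   = $filtered.ResultCode       # 2 succeeded, 3 succeeded with errors
        ScanWarnings     = $filtered.Warnings.Count
        UnfilteredCount  = $all.Updates.Count
        # Matches the question's symptom: optional updates offered, none in the
        # security/critical categories. Compare with a healthy peer before concluding.
        Suspect          = ($filtered.Updates.Count -eq 0 -and $all.Updates.Count -gt 0)
    }
}

Test-UpdateScan | Format-List
```

Run it on one affected server and one healthy server built from the same image; a differing `FilteredCount` with identical `WsusServer` and `KB2919355Listed` values points away from host configuration.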