BatchPatch not finding all needed updates

BatchPatch Forums Home Forums BatchPatch Support Forum BatchPatch not finding all needed updates

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • October 15, 2018 at 6:12 pm #8781
    houghton
    Participant

    Here is my setup, I have a workstation running BatchPatch connected to an offline network with currently two tablets. I am running this in “cached” and “offline” mode. I downloaded the Microsoft offline scan file and ran the “Retrieve consolidated url list of available updates”. The workstation finds the correct about files and found October cumulative updates. The tablets found three updates and all were from May (note these have not been updated since March). I went ahead and proceeded with the updated, hoping that after running the search again it would pick up the latest cumulative updates, this did not happen.

    I have another tablet, with the exact same load on it, and hooked that one to the internet and it found 9 updates, a couple were the same, but the other 7 were different.

    Overall here is the question. Why is Windows finding 9 updates and BP finding 3? Or perhaps, why do you think it would? These are STIG’ed but the workstations have the same STIGs applied and are finding the appropriate updates while the tablets are not. So perhaps it could be a group policy setting but I would think it would be happening across the board.

    October 15, 2018 at 6:25 pm #10013
    doug
    Moderator

    Please see this posting for all possible reasons explained:

    BatchPatch and the Windows Update Control Panel Report a Different Number of Available Updates

    October 15, 2018 at 6:42 pm #10014
    houghton
    Participant

    I guess I am not understanding why it would grab a May OS update and not the latest September OS update (latest at the time).

    This is the file it found

    May 8, 2018—KB4103723 (OS Build 14393.2248)

    but should have found this file

    September 20, 2018—KB4457127 (OS Build 14393.2515)

    My scan was performed on October 1st.

    October 15, 2018 at 6:44 pm #10015
    houghton
    Participant

    This is also noting that BP found

    September 11, 2018—KB4457142 (OS Build 16299.665)

    for my workstations, which is the correct build for the time frame.

    October 15, 2018 at 6:59 pm #10017
    doug
    Moderator

    Did you read the link I posted above? It explains every possible reason that BatchPatch could report a different number of updates from the Windows Update control panel.

    When you say “I have another tablet, with the exact same load on it, and hooked that one to the internet and it found 9 updates, a couple were the same, but the other 7 were different.” … how are you checking for updates on that one? What is the process? Are you using BatchPatch in online mode? Are you going to the Windows Update control panel without using BatchPatch? Are you checking on the update catalog or in a web browser?

    In any case I would encourage you to please read very carefully through every reason explained in the link that I posted higher up in this thread. We have not ever seen nor heard of (nor could I imagine) a different reason for the behavior that you are experiencing that is not already explained/addressed in the link. It’s also possible that the updates for the tablets that you are hoping/expecting to see were simply not published by Microsoft in the WsusScn2.cab file, and so you wouldn’t be able to “find” them when using BatchPatch in offline mode.

    -Doug

    October 15, 2018 at 8:28 pm #10006
    houghton
    Participant

    First paragraph answer.

    1. Search Preferences are set to Server Selection: Default/Managed (this is also greyed out in BP, I am assuming that this is due to the cached/offline modes checked). I only have the “Search for ‘all’ software updates” checked, but will try the “Search for ‘all’ driver updates” as the directions state that this will search for “every possible update”. Everything is checked below it in the Classification Filtering option just like the link shows from the comment above.

    2. Server Selection. This option is greyed out with Default/Managed selected. I am assuming that this is due to cached/offline modes being used.

    3. Stale Results: Will try UsoClient.exe startscan manually and run another test tomorrow.

    4. Offline mode: I understand that the WsusScn2.cab file may not be up to date but it should at least have a cumulative update from the previous month or the month before that, BP and the file from Oct 1, found a cumulative file for 5 months ago. This addresses your third paragraph, I just doubt the .cab file would skip 5 months. I am going to research but is there a way to see all files that are searched for in a WsusScn2.cab file?

    5. Dual-Scan: Not using WSUS, so this should not be a player.

    6. SCCM: Again, this is not a player as there is not a WSUS.

    Answering the questions from the second paragraph. That single tablet is on the internet and NOT using BP in any way. Exact process is this; Start Menu, Settings, Update & Security, and click on “Check for updates”, then Win10 searches, downloads, and installs the updates.

    October 15, 2018 at 9:49 pm #10007
    doug
    Moderator

    Based on the information you have provided it seems like the issue is between what is being offered in the WsusScn2.cab file for that computer vs what you are expecting to see available for that computer. To test this I would suggest that you take the tablet that you are able to connect to the internet and have BatchPatch in online mode perform a check for available updates on that target tablet against Windows Update. Then with that same tablet as the target perform the check for available updates in offline mode against the WsusScn2.cab. That should give you the answer if the issue is what is contained in the WsusScn2.cab vs what is being offered online from Microsoft. I hope this helps.

    -Doug

    October 16, 2018 at 3:09 pm #10008
    houghton
    Participant

    Just finished up with the tablet that I can connect to the internet. Ran BP and found the same updates as I did with the offline network.

    Thank you for your assistance Doug. I still struggle to understand why the tablet connected to the internet and updating via WU is finding many more updates compared to BP. I would assume the WU and BP would closely match but apparently that is just not the case.

    Thank you again.

    October 16, 2018 at 4:21 pm #10009
    doug
    Moderator

    BP should find the same updates as the manual check for updates, so long as BP and the manual check are looking for updates in the same place and are not filtering any of the results. After all, BP is using the Windows Update Agent to perform the check. This is the same way that the manual check with Windows control panel does it. We have *never* seen a case where a discrepancy could not be easily resolved, so I believe we should be able to figure out what’s going on in your situation. There are some things that still need to be tried.

    The plan was to take the internet connected tablet and run BP in two modes.

    1. Run BP in offline mode with that tablet as target host. The results should be the same as when you ran BP in offline mode against the offline tablet. Also, are you certain you have the latest WsusScn2.cab file?

    2. Run BP in online mode with that tablet as a target.

    A. In online mode make sure in BP you have ticked ‘All software updates’ AND ‘All driver updates’.

    B. With ‘All software updates’ AND ‘All driver updates’ ticked, in BP try the following three different tests for checking updates. Under ‘Tools > Settings > Windows update > First try checking for updates against ‘Microsoft update’ which should be the most inclusive, and then try checking for updates against ‘Windows update’, and finally try to check against ‘Default/managed’.

    Some other questions… what OS version and service pack or update level is running on the tablet?

    Did you confirm that the tablet is showing you accurate (not stale) results? When a search is performed with BP, it’s real-time and gives real results each time. However, when you look at the Windows Update control panel directly on the computer, it will frequently show stale/old/outdated results. At the cmd prompt of that tablet you can run ‘UsoClient.exe startscan’ to refresh the stale results. See if it then reports different updates than it was reporting before.

    October 17, 2018 at 2:18 pm #10003
    houghton
    Participant

    Doug,

    I ran all the tests and then I noticed that the online tablet found an update that the offline didn’t. I downloaded that update, which was a Critical Update lets call it KB~2216, and manually installed KB~2216. After the manual install, BP was able find the updates for the more up to date KBs rather than the KBs from 5 months ago.

    Thank you for your help again, it pushed me to find the difference. It is concerning that BP offline didn’t push for the Critical Update but BP online did though.

    Either way, we are good to go now.

    October 17, 2018 at 3:36 pm #10004
    doug
    Moderator

    Glad you got it worked out. Note, Microsoft does not publish *all* updates to the WsusScn2.cab file. It’s only security updates and service packs plus a few others. In this case it sounds like maybe the update you were missing was an update for Windows Update itself. Would have been nice if they delivered it in the WsusScn2.cab file, but apparently they didn’t.

  • Author
    Posts
Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.