[doug]

Please see: The Windows Update Control Panel in Windows 10/2016 is Not Up To Date After Using BatchPatch To Install Updates

[doug]

You may match on title text instead of KB ID. Matching is done by comparing the update title to the text of each item in the list. If the text of any item in the list is contained in the update title, the update will be excluded or hidden, depending on whether you are using the ‘exclude’ feature or the ‘hide’ feature.

To guarantee uniqueness, we recommend entering the KB IDs, but if your goal is to always exclude or hide any update with ‘preview’ in the title, then you may enter ‘preview’ into the exclude or hide list (without the quotes) instead of using the KB ID.

Excluding vs hiding:

Excluding an update means that it will just be skipped for the current action. However, it will continue to appear in the list of available updates every time you scan for updates.

Hiding an update means that it will become hidden on the target computer and will no longer appear in a search for available updates on that target computer. Caveat: Microsoft does have the ability to force a previously hidden update to become unhidden. This is not something that they do frequently, but they do it occasionally if they re-release an update under the same KB ID.

[doug]

Excellent. Glad you got it figured out.

[doug]

Thanks. We’ll consider these.

[doug]

Thanks. That makes sense… but can you explain to me why you need the IP in the first place if you already have the FQDN? In your original posting you mentioned that you want to be able to use the IP in local and remote commands, but I guess what I’m confused about is why you would need to use the IP in those commands as opposed to just using the short host name or FQDN, which you already would have in the hosts column and could use in local and remote commands as $computer?

[doug]

Pete – Did you know that you can just enter an IP address into the hosts column? Then you can use ‘Get host name’ to populate the ‘Get Host Name’ column, which would give you what I think you are looking for, which is one column with host names and one column with IP addresses, both of which are sortable.

-Doug

[doug]

It’s not an issue with the version. There must be something else going wrong. We would need the complete, verbatim error message text (not just the 1601… there is additional error text to go along with the 1601 that would explain the reason for the problem) to know what the problem is.

-Doug

[doug]

Currently, there can only be one recurring task per row. Your options are either to use the multiple tasks schedule with specific days/times scheduled (not using recurrence), or you can create 2 rows per host, with each row holding 1 recurring task.

Thanks,
Doug

[doug]

Windows 10 does not auto-refresh its check for available updates, so you would either have to wait until it eventually refreshes (unclear how long this could take, maybe even days), or you can use ‘usoclient.exe startscan’ to refresh Windows 10. More details here: https://batchpatch.com/the-windows-update-control-panel-in-windows-102016-is-not-up-to-date-after-using-batchpatch-to-install-updates

Yes you may use WSUS with BP. We have many customers using WSUS with BP, and we generally recommend it. https://batchpatch.com/batchpatch-integration-with-wsus-and-group-policy

[doug]

I believe OOBE would only ever be relevant when installing Win 10 from scratch or when upgrading to Win 10 from a different OS. I do not think OOBE is ever presented when applying a feature update to an existing Win 10 installation, regardless of the method that is used to apply it.

[doug]

Would you be willing to email us a copy of the text file? I can’t imagine how this issue could manifest under any circumstances, but it would be interesting for us to test your exact text file just to rule out any problems with that particular file.

[doug]

For many years now BatchPatch has an activity indicator in each tab header, so when activity begins in any tab, a yellow orb image/icon is displayed in the tab header next to the name of the tab. It turns red if/when hosts in the tab go offline. When activity stops in a tab, the image/icon disappears.

[doug]

You can use the option/checkbox ‘Run task immediately upon detecting target computer online‘ which is inside the BatchPatch task scheduler.

Alternatively, you could use the job queue to create your own custom loop with ‘If host is offline, goto label:X‘. Note, this item only exists in the most recent version of BatchPatch, which was released just a couple of days ago.

[doug]

This is not a BatchPatch issue. The -102 error occurs when the target computer has a problem connecting to the update server. The HRESULT value is the “reason” code. From Microsoft’s documentation:

0x80244007 -2145107961 WU_E_PT_SOAPCLIENT_SOAPFAULT
a SOAP Fault was returned by the server. See the more specific WU_E_PT_SOAP_xxxx mappings when a SOAP fault was returned by the server.
SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_* error codes.

This issue occurs because Windows cannot renew the cookies for Windows Update.

Review KB2883975 for instructions to resolve the issue.

If Microsoft’s documentation and patch at the link above link don’t resolve the issue, you should then examine your WSUS, and perhaps more specifically IIS on your WSUS.

[doug]

In BatchPatch you don’t have to do anything else for the Office updates. I don’t think you would need to do anything in Group Policy either.

The various counts that the WSUS maintains will virtually never be accurate unless you are extremely closely managing your WSUS. This is not a BatchPatch issue. You’ll find in almost any WSUS environment, regardless of which other tools are being used (or even when no other tools are being used at all), that the counts in the WSUS aren’t generally going to reflect any reality that the administrator cares about.

[doug]

Thanks. Unfortunately we aren’t able to reproduce it even on the same OS that you are using (Win 2016 build 14393.3564).

[doug]

Unclear what the cause is, but it’s pretty much gotta be something with your system/environment because we cannot reproduce it and have had zero reports from anyone else about it. My first suggestion is to update Windows. Looks like you’re still using build 1607, which for Windows 10 is very old. Second recommendation is to look at disabling any type of anti-virus or HIPS or other security software that is running on the computer. It could be the reason for the issue.

[doug]

Strange.

What is the app version under ‘Help > About’ ?

Additionally you should see an event logged in the Windows application log (in the event viewer). Please paste the entire crash/problem/error event details for me to review.

[doug]

@Jack.Roberts – yes.

[doug]

It’s a 24-hour clock.

[doug]

The return code comes from the installer, not from BatchPatch. We have not seen that particular one before. The HEX representation is c190010d. For googling purposes, use the HEX value.

https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolution-procedures

0XC190010d MOSETUP_E_INVALID_CMD_LINE The installation process was launched with an invalid command-line argument.

Invalid command-line argument seems very peculiar. Implies that the issue is with your deployment syntax. I would try creating the deployment from scratch in BatchPatch as a start. While I don’t know how/why there would be a problem with your existing deployment since you imported it from a working deployment, the error implies that there is something wrong with the actual syntax. So to ensure that there isn’t somehow something invalid or corrupt in the deployment config (we have never heard of this happening before from an export/import), follow the instructions here to create a brand new deployment from scratch: https://batchpatch.com/deploying-windows-feature-upgrades-remotely-to-multiple-computers

If that doesn’t work, my next suggestion is pick a computer that produces the error and then try to run the Windows 10 upgrade manually (without BatchPatch) from the same installation media that you are using for the deployment. See if you have success. This would tell us that the issue is related to the deployment process as opposed to the issue being with Windows not being able to perform the upgrade for one reason or another. Also, if Windows cannot perform the deployment, it might pop a better message to tell you why it cannot proceed/complete.

Additionally, you can check through the log files mentioned at the Microsoft link at the top of the page and see if anything is revealed about the cause of the problem.

Please report back with anything you learn.

Thanks.

[doug]

I didn’t realize you were only experiencing this on a single machine. That then obviously indicates a problem with the particular computer, not with the WsusScn2.cab. I would try rebooting that 2016 machine first, and assuming that doesn’t solve the issue I would try resetting the Windows Update components on it. The link below can help you with that. If still no luck, I unfortunately don’t have any other suggestions.

https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-resources

[doug]

0x80240031 -2145124303 WU_E_INVALID_FILE file is not of the right format

I don’t think we’ve seen this particular error before, but it’s saying that the Windows Update Agent doesn’t like the WsusScn2.cab file. When you run BP in offline mode, the first thing it does is download the most recent version of this file from Microsoft to the BatchPatch cache directory (you can see the path of this directory in ‘Tools > Settings > Windows Update’ at the bottom). My only guess is the file is somehow corrupt. However, normally the WUA does a signature check on the file before doing anything, and it throws a different error if the signature doesn’t check out, so I’m not sure how this error that you received could occur since a corrupt file would fail the signature check and presumably throw a signature verification error, like what we have seen before. Anyway though, if you right click on the WsusScn2.cab file you can check ‘Properties > Digital Signatures’. Check this on both the BatchPatch computer in the cache directory as well as on the target computer (in the remote working directory, which defaults to C:\Program Files\BatchPatch). If the file does not have a ‘Digital Signatures’ tab, that would indicate it is corrupted. This could happen during the initial download to the BatchPatch cache folder or when BatchPatch copies it to the target computer’s working directory. If both are missing the ‘Digital Signatures’ tab, delete both, and then initiate a fresh download of the file using ‘Tools > Download Microsoft offline scan file’. Check the file properties to make sure there is a digital signature before attempting again.

[doug]

There is no such bug. It seems evident that you executed the search with offline mode enabled, you pasted the log file from that search operation into this thread, and then you took a screenshot with the box unchecked and pasted that into the thread. Alternatively, it’s possible that you used a BatchPatch job queue, and inside the job queue you used the special item ‘Enable offline cached mode (override global settings for this queue only)’

I’m sure if you go back and test again you will find that what I have said is accurate. You can also review the ‘All Messages’ column for a history of what you have executed, which might help clarify any confusion that you may have about what exactly you executed at which times.

[doug]

The log you pasted says differently:

::Begin offline search

[doug]

Yes, this can be done with a job queue.

[doug]

An offline search will not necessarily find identical updates to an online search. The offline search occurs against the WsusScn2.cab file that Microsoft releases each month. Offline mode is designed for offline scanning when no internet or WSUS is available. While this WsusScn2.cab file contains all security updates as well as various other updates that Microsoft decides to include in it, it does not contain every single update that is published on Microsoft’s public Windows Update and Microsoft Update servers. Offline mode is not recommended for computers that have internet access or access to a local WSUS.

[doug]

Create a job queue with the following steps:

1. Check for available updates
2. Terminate queue if previous ‘Check for available updates’ finds 0 updates
3. Send email notification

Then set that job queue to run as a scheduled task. When it runs it will send you an email notification if/when there are 1 or more updates available. In the next version of BatchPatch there will be additional conditional options available for the job queue to enable this task to be created in a couple of different ways, but in the current version you would need to do it like stated above.

The multiple tasks scheduler does not allow recurrence. Your options are either create a separate recurring scheduled task for each row (you can create more than one row per host, if desired), or use the multiple tasks scheduler and manually create all of the desired datetimes to run the task.

[doug]

You cannot trigger BatchPatch actions from cmd/powershell. However, if you want to automate the update process you can schedule BatchPatch actions to run at a desired datetime by using the Task Scheduler inside of BatchPatch:

How to Automate Monthly Windows Patching and Updates for Numerous Computers

If you want to be able to run BatchPatch scheduled tasks without having to be logged on with BatchPatch running, you can run BatchPatch as a service:

Running BatchPatch as a Service

[doug]

I’m glad you got it worked out, @Johan. Thanks @mmccar for pointing to the solution. For anyone else who might read this thread, here are some things to be aware of:

1. Remote Execution Context:
https://batchpatch.com/remote-execution-context

If BatchPatch is set to SYSTEM, if you execute a deployment to run a .bat file on a remote computer, when the .bat file runs it will not have network access. So, if that .bat file contains a call to a network share, as was the case with @Johan’s .bat file, it will not be able to run to completion successfully.

Set the remote execution context to ‘Elevated token’ to resolve this issue, as @mmccar pointed out.

2. Integrated security vs alternate credentials
If you continue to have problems after setting the remote execution context to ‘Elevated token’ the next thing that you should do is specify alternate credentials for the row(s) in BatchPatch (Actions > Specify alternate logon credentials). Even if the alternate credentials that you specify are for the same exact logon account that you are already running BatchPatch under, you should still do this. It’s complicated to describe why this makes a difference, so I’m not going to get into a lot of detail on the topic right now. Suffice it to say that when there are multiple hops of authentication (from the BatchPatch computer to the target computer, and then from the target computer to the network share that is called inside the .bat file), there is a difference between using integrated security as compared to when you specify alternate credentials. When you specify alternate credentials you essentially end up removing one of the hops, and this can be the difference between the deployment completing successfully vs failing.

[Author]

Posts