Botched WSUS patch KB 3148812 throws errors 80244019, 80244008, 8024401f

[Karlston]

Two days after the patch rolled out, Microsoft provided instructions for dealing with reported problems -- but the new fixes don't work either

Be glad you aren't in charge of a Windows Server Update Services (WSUS) server.

 

WSUS admins on April 19 received patch KB 3148812, described in the KB article as "an update to a feature that enables Windows Server Update Services (WSUS) to natively decrypt Electronic Software Distribution (ESD) in Windows Server 2012 and Windows Server 2012 R2. Before you install this update, see the Prerequisites section."

 

Admins were keen to get it working because, per Microsoft, "You must install this update on any WSUS server that is intended to sync and distribute Windows 10 updates (feature updates) that are released after May 1, 2016."

 

When gathering the information about this week's 24 patches, I noted that problems had already been reported with this update and pointed would-be patchers to this post from Microsoft on TechNet. It says:

 

We've received word of some issues happening (e.g., WSUS admin console is inaccessible, clients can't contact WSUS) in the wild after installing KB3148812.  It is critical functionality; however, you don't lose anything by skipping installation until we publish media that leverages this scenario, which will not be happening this month.  For now, feel free to remove the patch if it's causing you problems, and we'll get to the bottom of the issues that have been reported.

The post was amended the morning of April 20 to say, in the comments:

Update: We've identified the root cause, and the good news is that this is not an issue of code quality. The package is good as is, but it requires some additional manual steps to be taken afterward in order to realign the moving parts of the system. More information on that will be available via the KB article and this blog later this week.

Late on April 21, Microsoft posted a WSUS Product Team blog with instructions for completing the installation of KB 3148812. Two days after the patch rolled out, Microsoft provided these instructions:

This update introduces two changes that require additional manual steps in order to complete the installation: those who installed it right away had a bit of a panic because the guidance was not yet published.

The post goes on to describe two scenarios, with complex steps for fixing the attendant problems.

 

Big problem: The new fixes don't work. A tirade of complaints on the TechNet forum said the manual fixes that Microsoft offered after the fact don't fix the patch. Win10 PCs attached to the patched WSUS server still couldn't see the server. Clients are reporting errors 80244007, 80244019, 80244008, and 8024401f.

 

One poster noted that the situation could be fixed by appending one final step: Deleting the SoftwareDistribution folder on all of the clients -- a fun trick for a large, managed environment.

 

On Friday morning Microsoft pulled the WSUS Product Team blog post. There's no indication why or when it might reappear, and the original KB article still doesn't mention the problem.

 

It looks like this might be a good time to roll back your server to a couple of days ago and sit this one out through the weekend at least.

 

Yes, even WSUS admins need to wait a while before installing new patches, or risk wasting a few days in the attempt.

 

Source: Botched WSUS patch KB 3148812 throws errors 80244019, 80244008, 8024401f (InfoWorld - Woody Leonhard)

 

Discussion: Botched WSUS patch KB 3148812 still throws errors 80244019, 80244008, 8024401f (AskWoody.com)

[Actarusse]

[WALLONN7]

Really?! That never happened before...

[steven36]

Without the patch  you cant  distribute windows 10 update  off you're server way too go M$  .

 

Quote

 

Windows 10 for business: Enterprise adoption

Enterprise uptake has been strong so far. On 6 January 2016 Microsoft that more than 76 percent of enterprise customers are using Windows 10 in 'active pilot' projects, with over 22 million enterprise devices currently running on the new operating system.

 

http://www.computerworlduk.com/operating-systems/pros-cons-for-businesses-moving-windows-10-3621064/

[straycat19]

Surely they jest.  I don't know of any  big business who has adopted or even considered adopting Windows 10 and that doesn't include some very big Universities that have avoided it like the plague.  Personally we don't use WSUS since we switched to MSSC and we don't roll out updates until our test group has tested them for two weeks.  Damn shame we have to protect our systems from Microsoft too!

 

[steven36]

4 hours ago, straycat19 said:

Surely they jest.  I don't know of any  big business who has adopted or even considered adopting Windows 10 and that doesn't include some very big Universities that have avoided it like the plague.  Personally we don't use WSUS since we switched to MSSC and we don't roll out updates until our test group has tested them for two weeks.  Damn shame we have to protect our systems from Microsoft too!

 

If you're  IT like you clam you are . in 4 years its going to be mandatory to update to windows 10 so sooner or latter you will need to learn about it .Because Windows 7 is a legacy O/S Back when business updated from XP to windows 7  some were slow too adapt  it coasted  them many millions  of dollars a year to get updates after eol . Unless they plain to switch over to Mac OSX or Linux  . Sooner or latter all business will update so there not much worried  about it,