Microsoft Issues Fix for WSUS Update Problem

Microsoft has announced a fix today for its flawed update, known as "KB3148812".

This update was aimed at organizations using its Windows Server Update Service (WSUS) management product. WSUS is typically used by large organizations with careful patch management requirements. Microsoft's KB3148812 patch for WSUS was supposed enable automatic decryption of Windows 10 feature updates in preparation for Microsoft's "anniversary update," coming this summer. However, the patch had some flaws, causing WSUS to not be able to connect with Windows clients, among other problems.

Some organizations that applied the flawed KB3148812 update have had dysfunctional WSUS systems for almost two weeks. Microsoft is now signaling it has a fix. The fix is a new Knowledge Base item called "KB3159706," as described in this announcement today.

Essentially, KB3159706 does the same thing as KB3148812 was supposed to do. It prepares the way for WSUS to automatically decrypt Windows 10 feature updates. It's needed for Windows Server 2012 and Windows Server 2012 R2 users that want to keep Windows 10 clients up to date. This WSUS update can't be skipped by those users, Microsoft's announcement explained:

Skipping this KB [KB3159706] means not being able to distribute the Windows 10 Anniversary Update, or any subsequent feature update, via these platforms. Note that Windows Server 2016 will have this functionality at RTM.

IT pros will have to carry out some manual configuration steps to get this update to work with WSUS. Those steps are described in Microsoft's KB3159706 Knowledge Base article.

Microsoft is delivering KB3159706 to WSUS. It's also offering it through the Microsoft Catalog. KB3159706 also is arriving through the Windows Update service as an "optional update." The Windows Update distribution approach is being done for the organizations that have disabled WSUS systems.

Some organizations have a test fix from Microsoft, called the "test package." KB3159706 will update it. Microsoft's announcement recommended these steps for organizations with WSUS systems affected by the bad KB3148812 patch:

  1. Uninstall test package
  2. [Optional] uninstall KB3148812
  3. Install KB3159706
  4. Reboot your WSUS server

In other WSUS news, Microsoft's WSUS service went down for about 12 hours on May 4. The service has since been restored.

Yesterday, organizations couldn't get updates to WSUS. The cause of the problem apparently was a Microsoft Intune service update. At least that's how it was reported in the Microsoft Services Status Dashboard. That explanation was captured by Microsoft MVP Rod Trent in this WindowsITPro article.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube