ADR, WSUS and sharepoint updates

David Zemdegs 1,586 Reputation points
2020-10-28T01:54:50.43+00:00

Greetings,
We have a standard ADR that delivers regular critical and security updates to servers and it works fine.
However on one of our 2012 servers, someone noticed that if they do a 'check for updates', it comes up with a bunch of security updates for sharepoint 2013 which havent been installed.
I checked wuauhandler.log and it only shows the OS updates being processed.
I then checked c:\windows\windowsupdate.log and it appeared to show the sharepoint updates being added. Why would windowsupdate.log show this? I thought as a CM client that all update info is in wuauhandler.log?
I then searched for the updates in my CM console. They do not appear at all. Sharepoint doesnt even appear as a product. However the updates appear when I search using the WSUS console.
What is going on? It appears the 'check for updates' is accessing the WSUS server and bypasssing CM altogether?
Thanks
David Z

Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
1,005 questions
0 comments
Accepted answer
  1. Jason Sandys 31,186 Reputation points Microsoft Employee
    2020-10-28T21:03:28.19+00:00

    SharePoint updates, from memory, are under Office. You can easily check the product category listed in WSUS to validate this. As for them not being in ConfigMgr, there's no reason they shouldn't be if they are in WSUS unless they are expired.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jason Sandys 31,186 Reputation points Microsoft Employee
    2020-10-28T14:19:42.57+00:00

    I thought as a CM client that all update info is in wuauhandler.log?

    True but using the control panel for updates bypasses the ConfigMgr agent.

    It appears the 'check for updates' is accessing the WSUS server and bypasssing CM altogether?

    It's actually going straight to Microsoft Update as unless you've directly approved these updates in WSUS, they wouldn't be available from there.

    0 comments
  2. David Zemdegs 1,586 Reputation points
    2020-10-28T20:27:59.903+00:00

    Thanks Jason.
    Why is it that these sharepoint updates appear in the WSUS console but not in the Software Updates node of the CM console. It would normally depend on what products are selected in the CM SU configuration but sharepoint is not listed as a product. So do we have to manually install sharepoint updates then? Is that the case for other MS products?

    0 comments
  3. Amandayou-MSFT 11,051 Reputation points
    2020-10-29T07:46:02.473+00:00

    Hi @DavidZemdegs-6660,

    We could check if the sharepoint updates is from Microsoft update or WSUS/SUP by checking ServiceId from windowsupdate.log.

    If the update is from Microsoft update, ServiceId is 9482F4B4-E343-43B6-B170-9A65BC822C77, and it is from WSUS/SUP, ServiceId is 3DA21691-E39D-4da6-8A4B-B43877BCB1B7. As mentioned above, ServiceId could be 9482F4B4-E343-43B6-B170-9A65BC822C77, and the update is from Microsoft update.

    Here is the article we could refer to:
    https://video2.skills-academy.com/en-us/windows/deployment/update/how-windows-update-works

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
    email-notifications.html

    0 comments