Known Issues with KB3148812
UPDATE: A newer post regarding KB3148812 is published at https://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812-part-two.aspx.
Hi WSUS admins, just a quick post to let you know that we've received word of some issues happening (e.g., WSUS admin console is inaccessible, clients can't contact WSUS) in the wild after installing KB3148812. It is critical functionality; however, you don't lose anything by skipping installation until we publish media that leverages this scenario, which will not be happening this month. For now, feel free to remove the patch if it's causing you problems, and we'll get to the bottom of the issues that have been reported. If you'd like to assist in resolving this, then please Email Blog Author and we'll follow up with you.
We appreciate your patience while we get this sorted.
Comments
- Anonymous
April 19, 2016
Thanks, uninstalling this fixed my borked 2012 R2 update server. - Anonymous
April 19, 2016
Update: We've identified the root cause, and the good news is that this is not an issue of code quality. The package is good as is, but it requires some additional manual steps to be taken afterward in order to realign the moving parts of the system. More information on that will be available via the KB article and this blog later this week. - Anonymous
April 20, 2016
Thank you, i was struggling with this issue for two hours. - Anonymous
April 20, 2016
Is there an issue with
Cumulative Update for Windows 10 Insider Preview (Build 14295): April 18, 2016 / KB3154879 ?
My WSUS won't download this update:
Content file download failed.
Reason: File cert verification failure.
Source File: /d/msdownload/update/software/crup/2016/04/windows10.0-kb3154879-x86_f2c8538631162c1c3c168a9b88a95813bb3f8bfc.psf
This is the only update that won't download, all older and newer work fine.
And the x64 Version also downloaded fine. - Anonymous
April 20, 2016
Having the same issue below, file came down on the 14/04/2016 - seems signed with the wrong cert (developer).
Content file download failed.
Reason: File cert verification failure.
Source File: /d/msdownload/update/software/crup/2016/04/windows10.0-kb3154879-x86_f2c8538631162c1c3c168a9b88a95813bb3f8bfc.psf - Anonymous
April 20, 2016
also this one.. same KB3154879
Content file download failed.
Reason: File cert verification failure.
Source File: /d/msdownload/update/software/crup/2016/04/windows10.0-kb3154879-x86_c7b4d1ac4829121785ae79b2df7550004eca089f.cab
Destination File: w:wsusWsusContent9FC7B4D1AC4829121785AE79B2DF7550004ECA089F.cab - Anonymous
April 20, 2016
Uninstall of this update fixed my WSUS that was not starting. - Anonymous
April 20, 2016
The issue is that patch does not create required columns in SUSDB:
dbo.tbFile.IsSecure.sys.bit(1)
dbo.tbFile.DecryptionKey.sys.varbinary(-1)
dbo.tbFile.IsEncrypted.sys.bit(1)
however the schema validation DLL (SUSDBVerify.dll) is checking for them thus at times of DB startup it stays in Recovery Pending state... - Anonymous
April 20, 2016
best thing in the world... install linux, microsoft has never be trustworth or reliable. so much time wasted fixing problems they caused, they should get a bill from every business that wastes time fixing problems like this that they cause - Anonymous
April 20, 2016
L’équipe WSUS a publié un billet pour alerter d’un problème pouvant survenir sur un Serveur WSUS après l’application de la KB3148812 . Dans ce cas, la console d’administration WSUS devient inaccessi - Anonymous
April 20, 2016
First of all it wouldn't be a true comment section without some Linux fanboy touting how amazing his OS is...amazing..
Second of all, I am getting the same error on a Windows 2008 R2 server for the same windows 10 download so there may also be something wrong with that patch..
Content file download failed. Reason: File cert verification failure. Source File: /d/msdownload/update/software/crup/2016/04/windows10.0-kb3154879-x86_c7b4d1ac4829121785ae79b2df7550004eca089f.cab - Anonymous
April 20, 2016
What can you do when uninstalling it doesn't work? - Anonymous
April 20, 2016
Uninstalled the update. WSUS still won't connect. Server 2012R2. Looks like I'll be restoring from backups. - Anonymous
April 20, 2016
Uninstalling the update worked for me too - Anonymous
April 20, 2016
How can you possibly say this was good code that needed a manual update. Failing to upgrade the databases is bad code! - Anonymous
April 20, 2016
Our 2012 R2 server needed to be rebooted twice after installing the update to get things working properly again. - Anonymous
April 20, 2016
Uninstalling I mean! - Anonymous
April 20, 2016
Where to I send a bill to recoup for my lost day spent on this? - Anonymous
April 20, 2016
I don't see this patch for Windows Server 2012 in our WSUS list, only for Win 8.1. Did it get pulled? - Anonymous
April 20, 2016
Russel, Yeah, looks like it got pulled. Can't see it anymore when I sync/update my servers at work. Have to do another sync on my wsus-server at home to be sure though as it is the only system I got that downloaded the patch in the first place..
Unistalling the offending patch and rebooting my (home)wsus-server got it working again. - Anonymous
April 20, 2016
Hi Steve - I have this problem and restored my WSUS server yester day only to find it inoperable again this morning.
Removing KB3148812 restored service.
Should I block this update and then not be able to receive updates for W10 after 1.May?
What is the best action going forward?
Feel free to email me if you need debug information. - Anonymous
April 20, 2016
I don't understand why you say "that this is not an issue of code quality".
IF there are needed additional steps after installing, why we don't see these needed steps at 1st start of WSUS console?
To me it's caused by not perfect code quality.
Nevertheless, uninstalling makes WSUS work again (Svr2012R2) - Anonymous
April 20, 2016
Sorry, my comment was related to the 2nd post of Steve Henry. I forget to mention that in the beginning - Anonymous
April 21, 2016
The update completely broke my WSUS and SCCM SUP...
:| - Anonymous
April 21, 2016
@Steve Henry - can you confirm if it's ONLY WSUS that this is breaking?
It broke our 3 servers - what else can/will it break? - Anonymous
April 21, 2016
What about kb3154879? Like the posters on the first page I'm also getting:
Content file download failed. Reason: File cert verification failure. Source File: /d/msdownload/update/software/crup/2016/04/windows10.0-kb3154879-x86_c7b4d1ac4829121785ae79b2df7550004eca089f.cab Destination File: e:WSUSWsusContent9FC7B4D1AC4829121785AE79B2DF7550004ECA089F.cab. - Anonymous
April 21, 2016
KB3148812 caused our WSUS server to crash. We removed WSUS role from the server, rebooted, and then reinstalled WSUS role. After initial WSUS setup the service would start but no clients could contact the server until the following was performed on each client: stop wuauserv and bits; rd windowssystemdistribution; start wuauserv and bits; perform update check. After that the client OS level and status would be shown properly on WSUS console. - Anonymous
April 21, 2016
After April round of patches, the WSUS server would fail to start and the Application Log had these error messages
all over the place:
Log Name: Application
Source: MSSQL$MICROSOFT##WID
Event ID: 18456
Task Category: Logon
Level: Information
Keywords: Classic,Audit Failure
User: NETWORK SERVICE
Description:
Login failed for user 'NT AUTHORITYNETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'SUSDB'. [CLIENT: ]
I uninstalled KB3148812 and rebooted the WSUS server, now WSUS Service Starts, I can connect to the WSUS admin page and clients can pull. - Anonymous
April 21, 2016
@BooBoo: The update that won't download has a certificate from
"Microsoft Development Root Certificate Authority 2014" which is usually NOT in the trusted root store of a WSUS Server (or any other Computer).
Someone over here
https://social.technet.microsoft.com/Forums/windows/de-DE/156707fb-cb1b-4b81-9480-f3370257c25b/wsus-patches-in-netzlaufwerk-legen?forum=windowsserver8de
extracted it and added it to the root store, but I wouldn't recommend that. - Anonymous
April 21, 2016
Steve Henry, to say that this is not an issue of code quality is ridiculous. The Windows patch caused WSUS to stop functioning properly, at least on Server 2012 R2. Therefore, it most certainly is an issue of code quality somewhere. The need for manual steps to rectify the issue after applying the patch indicates that the patch was missing something, which is, by definition, an issue of code quality. This is the second time in the past 3 months I've spent hours chasing my tail to figure out which Windows update broke key functionality in my organization. I and my colleagues are not amused by the lack of QA that goes into these patches. - Anonymous
April 21, 2016
The comment has been removed - Anonymous
April 21, 2016
TD - found the same page at the time, did try installing the Development Root CA - made no difference. we could do with the WSUS guys starting a new blog for kb3154879-x86. - Anonymous
April 21, 2016
I also agree with Greg H - it is absolutely unacceptable for a WSUS update to break WSUS itself. Come on, people!
I came in to work yesterday to a broken server that needed remediation, and it wasn't clear which update broke it, and event log messages implied it was a WID authentication problem. I chased my tail all day yesterday in troubleshooting and rebuilding things, to finally zero in on which update was the root cause of the problem, and THEN discover via a Google search that this problem was known. Very frustrating. - Anonymous
April 21, 2016
Uninstalling this update saved my bacon - thanks - Anonymous
April 21, 2016
mmm...bacon. - Anonymous
April 21, 2016
I feel good that I only needed to spend an hour troubleshooting this. That is however, an hour of my life that is lost for no good reason. As far as I am concerned, this update will remain hidden and never be installed. If resolved, Microsoft can release under a different KB#. What a waste of time. Don't Break My WSUS Server For No Good Reason Please! - Anonymous
April 21, 2016
I had to troubleshoot our main wsus server today, Wsus admin told me about a reboot after applying updates, so, I read each KB description until I found KB3148812, was the only update related to WSUS, so I uninstalled, rebooted the server and WSUS start working again. Then, a bing search brought me here - Anonymous
April 21, 2016
Thanks for the tip Steve, the uninstall worked fine. However for those of you who are so upset.... give me a break. A simple google (bing) search found me this blog post. Are you really saying that you spent "hours" rebuilding a silly wsus server without a little googling to see if anybody else experienced similar issues?! Spare your tears. If everything always worked perfectly, you'd be out of a job. Deal with it. - Anonymous
April 21, 2016
Uninstalling KB3148812 resolved the problem we were having with our WSUS server too. Same problem as described above. - Anonymous
April 21, 2016
The comment has been removed- Anonymous
May 17, 2016
We were having the issue of the console not being able to connect to the server-we uninstalled the KB and restarted the services which corrected the issue for a time but we are now experiencing the same issue. -the application event log shows 18456-the system event log shows The WSUS Service service terminated unexpectedly. It has done this 105 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. The KB is not listed in the installed updates list- it does not seem to still be installed but we are continuing to have this issue. any ideas? - Anonymous
May 17, 2016
now after restarting the service is still will not connect and we are getting this in the event logLogin failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'SUSDB'. [CLIENT: ]- Anonymous
May 19, 2016
Please read https://blogs.technet.microsoft.com/wsus/2016/05/05/the-long-term-fix-for-kb3148812-issues/ and follow all guidance specified there and in the KB article linked from it. My guess is that you are skipping required steps, and thus experiencing undefined behavior.
- Anonymous
- Anonymous
- Anonymous
April 21, 2016
Solve this problem:
http://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812.aspx - Anonymous
April 22, 2016
Thank for your post, I removed this KS solved my problem. - Anonymous
April 22, 2016
Thanks for the post, this helped fix our WSUS servers. - Anonymous
April 22, 2016
Thanks for the update Steve, will hold fire and wait for the release of the newer file - Anonymous
April 22, 2016
Agreed on all the above, ended up declining the update and restoring the 2012R2 WSUS server from a backup. I too look forward to a new incarnation of the patch that works. - Anonymous
April 22, 2016
After some testing it appears that even when you reinstall WSUS on 2012 R2 (having deleted the WID database files) The WSUS console does then load. However, when you have finished configuring all the options your client PC's/server's will not talk to the update server. Error Code 80244007 on a Windows 2012 R2 server when trying to update. Error Code 80244008 for a Windows 7 client PC. - Anonymous
April 22, 2016
We have WSUS running on Windows Server 2012 R2. After installing KB3148812, I got WSUS down. WSUS Service was getting stopped automatically, and the reason behind it is that SUSDB was set to (Recovery Pending Mode) and wasn't coming up with error "Schema Verification Failed". After removing the update, all OK. - Anonymous
April 22, 2016
Still the same. Client not talking to server. Error Code 80244007 on a Windows 2012 R2 server. Error Code 80244008 for a Windows 7 client PC - Anonymous
April 22, 2016
As noted earlier, please run the steps at http://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812.aspx before reporting your results. The update is not expected to work without having taken the actions listed in that post.
For those that are seeing client scan issues even after taking those actions, look forward to an update to that post later today, and feel free to Email Blog Author if you're unable to wait for resolution. - Anonymous
April 22, 2016
First step works. brings console up online. second step doesn't work. clients never wsus again.
by the way the link to the WSUS blog has stopped working. results in an endless loop to login to microsoft account. - Anonymous
April 22, 2016
Looks like the new link is:
http://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812-part-two.aspx - Anonymous
April 22, 2016
http://jepatoke.blogspot.com - Anonymous
April 23, 2016
Thanks for letting us now! Important post! - Anonymous
April 25, 2016
uninstalling this fixed my broken 2012 R2 WSUS console issue.
Thank you - Anonymous
April 26, 2016
For those wondering where the original "what you need to know" post went, it contained manual steps that made you unable to simply uninstall KB3148812 to resolve the reported issues. To minimize the number of people in an irreversible situation, we pulled that post (and the KB), so these steps are no longer available. Feel free to watchhttp://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812-part-two.aspx for the latest on this issue. - Anonymous
April 26, 2016
Hi Steve, Can now see kb3154879 as been declined, have also declined kb3148812. - cheers - Anonymous
April 29, 2016
Ditto...uninstalling the KB fixed our 2012R@ WSUS issue as well. - Anonymous
April 30, 2016
Thanks for taking lead on this. It happens sometimes...glad you were able to get word out quickly! - Anonymous
May 16, 2016
Seems like same issue happenes to KB 3159706 on our server. Microsoft mentiones that you need to do manual steps on server to make the this update work (why do they even publish it on wupdate then?)https://support.microsoft.com/en-us/kb/3159706- Anonymous
May 19, 2016
It was published on Windows Update to allow the WSUS servers that could not distribute updates to sync and apply the update directly. The Microsoft Update Catalog requires IE, and not everyone has that installed. - Anonymous
May 20, 2016
The comment has been removed
- Anonymous
- Anonymous
May 17, 2016
Uninstall did fix. Before I uninstall, the SUSDB was showing as Restore Pending. Once unistalled, the DB came backup ok and WSUS started to work.- Anonymous
May 19, 2016
Glad to hear it. Now you'll need to deploy the new KB, which you can learn about at https://blogs.technet.microsoft.com/wsus/2016/05/05/the-long-term-fix-for-kb3148812-issues/, in order to enable this functionality as we'd originally intended.- Anonymous
May 30, 2016
The update KB3159706 is installed. But again my DB is recovery pending state and I see these errors in the Event Viewer. Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'SUSDB'. [CLIENT: ]What should I do next.- Anonymous
June 09, 2016
Is this a SQL or a WID database? Have you run the manual steps detailed in https://support.microsoft.com/en-gb/kb/3159706 ?- Anonymous
June 23, 2016
Thanks .. for now its working..
- Anonymous
- Anonymous
October 26, 2016
After making the post installation steps in https://support.microsoft.com/en-us/kb/3159706 it worked for me. Thank you all!
- Anonymous
- Anonymous
- Anonymous
- Anonymous
May 20, 2016
just installed a load of updates and WSUS is broken and KB3148812 is not installed so which one is it!- Anonymous
May 23, 2016
Please read https://blogs.technet.microsoft.com/wsus/2016/05/05/the-long-term-fix-for-kb3148812-issues/ for the latest on this. KB3148812 is no longer needed.
- Anonymous
- Anonymous
June 20, 2016
Hello SteveI tried whatever you instructed but the same result that is WSUS service keeps stopping. Kindly assist me as soon as possible because all the computers of my company cannot be updated through WSUS server.Thanks & regards- Anonymous
August 03, 2016
Please refer to the new blog post for the latest on fixing this issue, and let us know if you continue to have problems.
- Anonymous