KB2775511 deployment for the SCCM Admin
This week Microsoft rolled out a BIG hotfix (90 hotfixes) rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. To better understand all the goodness it gives you check out the AskPFEPlat blog or go to the source of one of the guys who helped put it together, my fellow PFE Jeff Stokes. It is being distributed as an enterprise hotfix and so I think it likely that a lot of you folks running SCCM to manage your enterprise might want to roll out this hotfix. One big advantage that comes to mind is including it in your OSD image capture to cut down on patch install time for future deployments. The trick is that “out of the box” you can’t deploy this. It does not sync to WSUS and your SCCM software update point (SUP) automatically. There are some simple steps you can take to get it there, however.
NOTE - As of 5/16 there is a new update rollup available in KB 3125574 . This can also be deployed using steps similar to below.
- On your central site/CAS SUP open up the Windows Server Update Services admin console
- It is worth noteing that we see SCCM folks do more harm than good in the WSUS admin console, but this is one of those exception times you need to go in there. Do so carefully.
- Go to updates and select Import Updates to launch a webpage to the Microsoft Update Catalog.
- Search on 2775511 and then add all that you are interested in getting for your environment
- Make sure the checkbox to import directly is selected then hit the import button.
- Verify that your SCCM site is set to sync "Updates" classification, becase that is what this is (as compared to "service packs" or "security updates").
- Once that download is complete you can sync SCCM and then you should see the updates in SCCM to deploy as you would any other update
3-14-13 update - Added links to AskPFEPlat and Jeff Stokes' blogs along with warning about using WSUS admin console
3-14-13 update #2 - added clarity about fix classification
5/18/16 - Update for kb3125574
Comments
Anonymous
January 01, 2003
Stewart - That is a very good observation and question. At this time, I have no great answer to go with it. You could kick a patch install process followed by the new KB but all in one task sequence to minimize the delay between the two, but that's not a good scenario for many folks. You may just have to push out 2732673 as a SWDist on a collection setup to minimize the delta window between the two as much as possible.Anonymous
January 01, 2003
Excellent information.Anonymous
January 01, 2003
Pete - Good to know. Thanks for sharing that with everyone..., it saves me some time trying to setup the test myself. :-)Anonymous
January 01, 2003
It should be in ARP - would expect to find something in CBS.log about it at that point...Anonymous
January 01, 2003
Impossible to download this Update from Microsoft Update Catalog, when put in "basket" and I open basket, the updates disappear. Maybe since I run Windows 8.1 and IE 11?
But I want this update for our W2008R2 servers.
Why can't MS give us this update the ordinary way?
Regards HåkonAnonymous
January 01, 2003
Thanks. This makes things easy :)Anonymous
January 01, 2003
Michael, we have to deploy this as a regular SCCM Deployment, not via SUP. Problem is, we don't see anything showing up on ARP, or on the computer, to tell if it is deploying--how do you inventory for the existence of this hotfix rollup? We are deploying using this commandline: wusa.exe <filename>.msu /quiet /norestart , where filename = AMD64-all-windows6.1-kb2775511-v2-x64_ec18cc10e27faf443c17e7a8073c9eba773eb13e.msu ThanksAnonymous
January 01, 2003
Ronny - I did not try offline servicing with this. See the criteria on blogs.technet.com/.../3418243.aspx. With all this KB contains I suspect that it is not CBS based. You probably have to include it in a build and capture.Anonymous
January 01, 2003
Did you verified if Offline Servicing is working as well for this update? Using Offline Servicing I receive the following message - Not applying this update binary, it is not supported - while other updates injected successfully. Is this because the update comes with 2 binaries? Using DISM I can insert KB2775511 with success to my wim images.Anonymous
January 01, 2003
The comment has been removedAnonymous
March 15, 2013
Nice write up, thanks.Anonymous
March 20, 2013
A little bit more searching and I found it on the Ribon bar ;)Anonymous
April 18, 2013
I just added this to my Windows 7 SP1 WIM via SCCM 2012 SP1 scheduled updates and it said it was successful. Looks like it works with offline servicing.Anonymous
April 25, 2013
For those of you still using sccm 2007, importing via SCUP works. blogs.technet.com/.../using-the-microsoft-update-catalog-site-with-system-center-configuration-manager.aspxAnonymous
August 21, 2013
Michael Now that 2775511 has been updated to state that after installation you must install 2732673, is there a recommended deployment strategy for SCCM customers? I'm keen to deploy the hotfix rollup in our environment but according to this: blogs.msdn.com/.../roll-up-update-kb-2775511-reports-with-smb-2-0-data-truncation.aspx 2732673 will not be added to the Update Catalogue. It would be much nicer to be able to deliver both hotfixes in a single package as otherwise there will be a delay before 2732673 can be installed. ThanksAnonymous
August 30, 2013
Hi Mike That was the best solution I could come up with too. I was hoping there was a more elegant way of doing it but that approach will have to do. Thanks for your response. StewartAnonymous
September 10, 2013
KB2775511 is available in SUP, but KB2732673 is not. Now that KB2775511 is published, is KB2732673 still needed?Anonymous
December 31, 2013
Pingback from Internet Explorer 11 Silent InstallAnonymous
May 15, 2014
us SCCM admins have to be very careful in WSUS. We were hired directly off the streets afterall. :)Anonymous
August 20, 2014
Want about the additional hotfixes that are required POST installation of KB2775511 (KB2732673, KB2728738 and KB2878378)? Is there a way to ensure the installation order in WSUS?
ThanksAnonymous
March 24, 2015
Does anyone know if this patch will overright the June 2015 Security updates?
Some of the DLL's were replaced in June, but my vendor want me to apply the rollup anyway.Anonymous
June 15, 2015
When you import the POST 2775511 hotfixes into WSUS (KB2732673, KB2728738 and KB2878378) they are Classified as "Hotfixes". In SCCM there is no Hotfixes classification, so it does not pull in those 3 patches?
Is there a way around it?Anonymous
July 08, 2015
The comment has been removedAnonymous
August 05, 2015
When I try to install KB2732673 only it works like a charm but if I try to deploy it after KB2775511 I got the message: 'The update is not applicable to your computer'. On the other hand KB2728738 installs just fine in the same scenario. Any ideas?Anonymous
September 16, 2015
I am using MDT to build and capture my base image and when trying to install this hotfix it never finishes the install. I have tried manually installing, scripted install and added it to wsus allowing the windows updates step to try to install. All times it never finishes. Using Win 7 enterprise iso from Microsoft licensing website. Maybe there are some services that need to be stopped or disabled before install?Anonymous
October 29, 2015
It seems that kb2878378 is no more required if kb3080149 or kb2882822 is installed. Then what is the right install order now ?