Windows 7 Clients Not Installing Updates

-
Ran across some Windows 7 systems that were not getting updates. I started down the normal troubleshooting path by looking at various logs.

The logs mostly looked good. However, the datatransferservice.log was lit up like a Christmas tree!


The log was full of all kinds of HTTP errors but these two stood out:
WINHTTP_CALLBACK_STATUS_SECURE_FAILURE
WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR

After researching a bunch of IIS sites including this one, I finally narrowed it down to something with TLS.

Turns out they had disabled TLS 1.0 on the MP but the client (Windows 7 SP1) did not support TLS 1.2.

In order for a Windows 7 client to support TLS 1.2, you have to upgrade .NET and apply KB3140245. This patch appears to be standalone and not part of any other cumulative. It can be found in the Microsoft Catalog.

After installing the patch and rebooting, the client was then able to communicate with the MP and get the patches it needed.

Good luck!

Comments

Post a Comment

Popular posts from this blog

ConfigMgr Task Sequence Fails Immediately with "The software could not be found on any servers at this time."

-
Image
Happy Monday, fellow ConfigMgr administrators! I ran across a pretty difficult Task Sequence last week that had me scratching my head. It involved a pretty complex Task Sequence that contained over 50 applications. The Task Sequence would fail within 5 seconds upon launch from the Software Center with an message of  “The software could not be found on any servers at this time.” No error code was given. I ended up removing all the apps from the TS and adding them back one at a time. Many of the applications had at least one supersedence, dependencies and dependency chaining. It turned out there was one particular superseded application that  was missing its content!! Yeah, that would do it. Unfortunately, ConfigMgr did not log what application or package ID had its content missing so it was a crap shoot trying to find it.  I really feel like there should have been a log somewhere that gave this information. This is the only log information I coul
Read more

Delivery Optimization in Microsoft Endpoint Configuration Manager (ConfigMgr)

-
Image
Delivery Optimization can be a powerful tool to help manage your content. However, getting things configured can be confusing and daunting. Here I've broken out the steps to get you going. Client Settings 1.     BranchCache and PeerCache. a.    First, create a new Custom Device Settings and check the box for “Client Cache Settings” and “Delivery Optimization”. b.       BranchCache . To enable BranchCache on clients, set “Configure BranchCache” and “Enable BranchCache” to Yes and set the “Maximum BranchCache cache size (percentage of disk)”. (Default is 10). c.        PeerCache . To make the client a SuperPeer (PeerCache Source), set “Enable as peer cache source” to “Yes”. Note: SuperPeers should be clients that are newer (faster), always on devices, that are hard wired, and have plenty of hard drive space. Note: Build a WQL query to create and maintain a collection of SuperPeers. I.E., CPU, memory, free space, etc.   2.     Delivery Optimization and Microsoft Con
Read more
-
News Update Windows Update for Business Reports If you are using Windows Update for Business (WUfB) to manage updates for your devices, you may want to know how well they are performing and what issues they are facing. WUfB Reports can help you with that. WUfB Reports are a set of dashboards and reports that provide insights into the update status, compliance, and health of your devices. You can access them from the Microsoft Endpoint Manager admin center or the Microsoft 365 admin center. Some of the benefits of using WUfB Reports are: You can see the update compliance and deployment progress of your devices across different rings and policies. You can identify devices that are missing updates, have update errors, or are out of support. You can troubleshoot update issues by drilling down into the details of each device and update. You can export the data to Excel or Power BI for further analysis and reporting. To use WUfB Reports, you need to have devices enrolled in Microsoft Intune
Read more