Articles in this section

Troubleshooting: Windows Patching Empty Installation

Overview

This article covers the most common causes for a Windows patching activity returning an empty installation result, and provides step-by-step troubleshooting for each scenario: 

  • WSUS approval script failure, 
  • patch download issues, 
  • Windows Update Agent problems
  • WSUS replica sync delays.

WSUS Approval Script Failed

The WSUS approval script - responsible for approving patch deployment on endpoint groups - may have failed. To investigate:

  1. Go to Endpoint > Activities.
  2. Filter Task Type to System.
  3. Filter Task to "Sync approval status with WSUS".

Review the status of the most recent activities. If they show Failed, the script was unable to change the approval status in WSUS.

Action required: If the script is consistently failing, contact JetPatch Support.

WSUS Has Not Downloaded the Patch Binaries Yet

WSUS must download patch binaries from Microsoft Update Services (or another WSUS repository, depending on the WSUS configuration) before patches are distributed to endpoints.

To check for download problems:

  1. Log in to the WSUS server.
  2. Open the Windows Server Update Services console.
  3. Go to Updates > All Updates.
  4. Set Approval to Approved and Status to Any.

If there are download problems, an error icon will appear in the left column, with an error message at the top of the update description.

problem_in_downloading_patch.JPG

Check Proxy Settings

A common cause of download failures is Proxy authentication. To investigate, open the WSUS log at:

C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log

Search for the string "Proxy authentication is required"

If found, re-validate the Proxy configuration in WSUS.

Windows Update Agent Is Not Working on the Endpoint

Try to perform a manual update via the Windows Update settings on the affected endpoint:

  1. Open Start.
  2. Search for "Windows Update" and open it.
  3. Click "Check for Updates".

If the operation fails, the error will be displayed on the Windows Update settings page. 

If it succeeds and the endpoint was updated, contact JetPatch Support.

Note: To check multiple machines at once, use the built-in Check for potential Windows Update Agent issues task:
  • Go to Endpoints > Management.
  • Filter on the Windows Endpoint Group(s) you want to patch.
  • Select all rows and choose Action > Run Task.
  • Search for "Check for potential Windows Update Agent issues" and click "Run Task".
  • Wait a minute, then go to Endpoints > Activities.
  • Filter Task: Check for potential Windows Update Agent issues.
Also check: Ensure the Pause Updates feature is disabled in the Windows Update settings on the affected endpoints.

WSUS Replica Has Not Synced with the Primary (if using WSUS replica)

If you are using a WSUS replica server, the replica may not have synced with the primary yet. 

For more information, see: How often should I sync the WSUS replica to its primary server?

Related articles

Comments

0 comments

Please sign in to leave a comment.