Mar0820168 Marzo 20168 Marzo 20160Commentidi Ermanno Goletto

Supporto di Windows 10 in WSUS

Pubblicato in IT, Tips

WSUS supporta già nativamente la gestione della sincronizzazione e della distribuzione degli aggiornamenti di Windows 10, ma  non il deploy delle feature upgrades (circa le opzioni di aggiornamento di Windows 10 di veda il mio post Windows 10 Enterprise LTSB).

Per WSUS 4.0, la versione di WSUS in Windows Server 2012 e Windows Server 2012 R2 è stata rilasciata la KB3095113 Update to enable WSUS support for Windows 10 feature upgrades che risolve anche l’issue che mostra in WSUS i computer con Windows 10 come Windows Vista, ma vanno tenti presenti le seguenti avvertenze prima di procedere all’installazione dell’hotfix:

“This hotfix enables Windows Server Update Services (WSUS) on a Windows Server 2012-based or a Windows Server 2012 R2-based server to sync and distribute feature upgrades for Windows 10. This hotfix is not required to enable WSUS to sync and distribute servicing updates for Windows 10.

Important This update must be installed before you sync the upgrades classification. If the update is not installed when the upgrades classification is enabled, WSUS will see the Windows 10 build 1511 feature upgrade even if it can’t properly download and deploy the associated packages. If you try to sync any upgrades without having first installed KB 3095113, you will populate the SUSDB with unusable data that must be cleared before upgrades can be properly distributed.  This situation is recoverable but the process is nontrivial and can be avoided altogether if you make sure to install the update before enabling sync of upgrades.  If you have encountered this issue, refer to the following article: How to delete upgrades in WSUS.

For more information about Windows 10 servicing and how feature upgrades and servicing updates differ, see the following TechNet topic:
Introduction to Windows 10 servicing.

This hotfix also fixes an issue in which Windows 10-based computers are displayed as “Windows Vista” on Windows Server 2012 R2 or Windows Server 2012.

Important If you install a language pack after you install this hotfix, you must reinstall this hotfix. Therefore, we recommend that you install any language packs that you need before you install this hotfix.

Prerequisites: To apply this hotfix in Windows Server 2012 R2, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355).

Va però precisato che dal momento che anche senza questa hotfix WSUS può gestire gli aggiornamenti di sicurezza dei computer con Windows 10 se non vi è la specifica esigenza di distribuire delle  feature upgrades è possibile attendere il rilascio dell’update, a riguardo si veda il post Important update for WSUS 4.0 (KB 3095113) del team di WSUS in cui si prevede il rilascio dell’update per il primo trimestre del 2016.

“Some folks are cautious about updates like KB 3095113 being released with boilerplate text that include verbiage such as “do not install unless you are experiencing this issue.”  Hotfix is our most expedient release vehicle, and we wanted to provide as much time to deploy this ahead of the Windows 10 1511 feature upgrade release to WSUS as possible.  We have tested it the same as we would any Windows Update release, so there is no reason to wait to install the update on your WSUS 4.0 servers.  For your convenience, we’ll be releasing the update more broadly to DLC and Catalog, as well as to WSUS itself, in the first quarter of 2016.  If you prefer to wait for those releases, then please review the caution described next.”

WSUS may be able to see the Windows 10 1511 feature upgrade even if it can’t properly download and deploy the associated packagesThe feature upgrades will become visible as soon as the “Upgrades” classification is checked in the WSUS options for Products and Classifications.  If you attempt to sync any Upgrades without having first installed the recent patch, then you will populate the SUSDB with unusable data that must be cleared before Upgrades can be properly distributed.  This situation is recoverable, but the process is nontrivial and can be avoided altogether if you make sure to install the update before enabling sync of Upgrades.  If you have encountered this issue, then please stay tuned for an upcoming KB article that details the recovery steps.”

If you are content to wipe and load images for Windows 10 in order to stay on a current build, then simply do not enable sync of Upgrades in your WSUS, and do what you usually do to upgrade your Windows buildsHowever, if you ever intend to deploy Windows 10 and fully enable Windows as a service for your enterprise, then you’ll want to deploy the recent patch.  Furthermore, the safest route is to enable sync of Upgrades in your WSUS only after you have installed this patch on all WSUS 4.0 servers that service Windows 10 machines in your environment.”

Per altri dettagli si veda il post Important update for WSUS 4.0 (KB 3095113).