Closed auxbit closed 3 months ago
KB2267602 is a very problematic update where I've found Microsoft releases a new patch roughly every hour and 1/3 of the time it is extremely problematic to install. The following code was recently added with https://github.com/ansible-collections/ansible.windows/commit/9bb5483a6f8821d16a849245303652af2f5d3e81 and is part of the ansible.windows 2.1.0 release.
What the code does is detect if the Windows Update API failed to install that specific KB and use a workaround process using MpCmdRun.exe to try and update the definitions, which I've found is able to handle that 1/3 problematic update. Please update your ansible.windows version to at least 2.1.0 (which means also updating your Ansible version) and try again.
If you are on Server Core, there is a fix from Microsoft: https://learn.microsoft.com/en-gb/answers/questions/1568326/update-kb5034439-should-not-appear-as-pending-in-a
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /f /v WinREVersion /t REG_SZ /d "10.0.20348.2201"
If you are on Server full, you need to increase the size of the WinRE partition from the default size: https://support.microsoft.com/en-gb/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8
Closing as per the above, thanks for the info.
SUMMARY
Hi everyone,
I'm trying to automate Windows Updates on my servers using Ansible. I created a dedicated Administrator user on the machine to run updates with Ansible.
The updates start, but they don't install. I always get an error. I've tried on multiple installations, but the result is always an update error. However, I haven't seen this issue with Windows 11, for example, only with the Server version.
If I start these updates manually with Windows Update, they install without problems.
ISSUE TYPE
COMPONENT NAME
win.update
ANSIBLE VERSION
ansible 2.10.8
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Windows Server 2022
STEPS TO REPRODUCE
- name: Update Windows
  hosts: windows
  tasks:
EXPECTED RESULTS
ACTUAL RESULTS
TASK [Install all security updates with automatic reboots] *****
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Invoke-WithPipeOutput,: line 1005
fatal: [dc2.auxbit.it]: FAILED! => {"changed": true, "failed_update_count": 1, "filtered_updates": {"ea67cabb-aaf1-4482-a9aa-d6048b7bc15f": {"categories": ["Definition Updates", "Microsoft Defender Antivirus"], "downloaded": false, "filtered_reason": "category_names", "filtered_reasons": ["category_names"], "id": "ea67cabb-aaf1-4482-a9aa-d6048b7bc15f", "installed": false, "kb": ["2267602"], "title": "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.405.802.0) - Current Channel (Broad)"}}, "found_update_count": 1, "installed_update_count": 0, "msg": "Failed to install all updates - see updates for more information", "reboot_required": false, "rebooted": false, "updates": {"a8a2d6e3-c6dc-4eb8-bcfb-8c8c7d947899": {"categories": ["Microsoft Server operating system-21H2", "Security Updates"], "downloaded": false, "failure_hresult_code": 2147944003, "failure_msg": "Unknown WUA HRESULT 2147944003 (UNKNOWN 0x80070643)", "id": "a8a2d6e3-c6dc-4eb8-bcfb-8c8c7d947899", "installed": false, "kb": ["5034439"], "title": "2024-01 Security Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5034439)"}}}
or the Event Viewer of Windows is writing this: Installation Failure: Windows failed to install the following update with error 0x8024200B: 2024-01 Security Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5034439).
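The module result posted above mixes two different situations: an update that was filtered out and one that failed to install. The following is an added example, not part of the issue or of ansible.windows, that separates the two and decodes the HRESULT; the function names and the hint table are assumptions made here, and the sample is a trimmed copy of the posted result.

```python
import json

# Facility numbers from the Windows HRESULT layout (winerror.h).
FACILITIES = {7: "FACILITY_WIN32", 36: "FACILITY_WINDOWSUPDATE"}

# Hints summarised from the replies in this thread, keyed by KB number.
THREAD_HINTS = {
    "5034439": "WinRE: set WinREVersion (Server Core) or enlarge the WinRE partition",
    "2267602": "Defender definitions: upgrade ansible.windows to at least 2.1.0",
}

def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code."""
    value &= 0xFFFFFFFF  # accept signed or unsigned input
    facility = (value >> 16) & 0x7FF
    return {"hex": f"0x{value:08X}", "failure": bool(value >> 31),
            "facility": FACILITIES.get(facility, f"facility {facility}"),
            "code": value & 0xFFFF}

def triage(result):
    """Return one row per update that was filtered out or failed to install."""
    rows = []
    for upd in result.get("filtered_updates", {}).values():
        rows.append({"kb": upd["kb"], "state": "filtered",
                     "detail": ",".join(upd["filtered_reasons"]), "hint": None})
    for upd in result.get("updates", {}).values():
        if upd.get("installed") or "failure_hresult_code" not in upd:
            continue
        hr = decode_hresult(upd["failure_hresult_code"])
        hints = [THREAD_HINTS[kb] for kb in upd["kb"] if kb in THREAD_HINTS]
        rows.append({"kb": upd["kb"], "state": "failed",
                     "detail": f'{hr["hex"]} {hr["facility"]} code {hr["code"]}',
                     "hint": "; ".join(hints) or None})
    return rows

# Constructed sample: the module result posted in this issue, trimmed to the
# fields used here.
SAMPLE = json.loads("""
{"filtered_updates": {"ea67cabb-aaf1-4482-a9aa-d6048b7bc15f": {
    "kb": ["2267602"], "filtered_reasons": ["category_names"], "installed": false}},
 "updates": {"a8a2d6e3-c6dc-4eb8-bcfb-8c8c7d947899": {
    "kb": ["5034439"], "installed": false, "failure_hresult_code": 2147944003}}}
""")

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Code 1603 under FACILITY_WIN32 is ERROR_INSTALL_FAILURE, a generic installer failure, which is why the KB number rather than the HRESULT is what points to the WinRE remediation.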