Somewhere between the physical and the virtual
An update has been released to resolve issues where System Center Essentials updating Windows 7 SP1- based computers with locally published content may fail with error 0x80070570. Please refer to http://support.microsoft.com/kb/2607070 for more details and download.
This hotfix is expected to be installed individually on all Win7 SP1 machines which are managed by SCE server. However, you can use Software Deployment’ feature in SCE Server to deploy these packages on all Win7 SP1 machines in a single go. Please see "How to Deploy" section below.
Command line parameters for the Package -
These are the command line parameters available for WindowsUpdateAgent30-x86 (KB2607070).
This option helps you to deploy the hotfix on Win7 SP1 machines from SCE server itself in an unattended way.
How to Deploy
Install directly on all Win7 SP1 machines which are managed by SCE server
This is a straight forward install of any typical Microsoft hotfix. You can download the package and launch WindowsUpdateAgent30-x86 (KB2607070) on Win7 SP1 client systems in your SCE environment. Installer will prompt for a reboot if installed in an attended mode. If you use /quiet, it will not prompt for a reboot but then you would need to reboot the system in order to get the patch applied and functional.
What will happen when you use Default Deployment Procedure in SCE using ‘Software Deployment’ feature?
Kindly refer to this TechNet link for additional details on how to create and deploy software packages.
If you install using DISM mechanism as explained below in the blog, you won't encounter these issues and you can overcome them. However, patch gets deployed correctly with an explicit reboot if you follow default flow of local publishing and deploying the package from SCE console. To do that,
3. Please download KB2607070 locally onto your machine from download center.
4. In the New Software Package Wizard provide the path to WindowsUpdateAgent30-x86.exe in the textbox under “Deploy a package from stand-alone setup file” option and click “Next”.
5. Provide package name and package description in the next page of the wizard and click Next.
6. Apply necessary settings in the Target System Types page and click next
7. In the “Install/ Uninstall Parameters” page for quiet installation provide “/quiet” switch in the “Installation Parameter(s)” and click next
8. Click Create button in the Summary page, this creates a package.
9. Select appropriate group of computers in Add and Remove Approvals wizard and click ok, by default Win7 SP1 clients will be listed under “All Windows Client” group.
With these steps, you have published the package for managed Win7 SP1 machines. Now these Win7 SP1 machines can have the published WindowsUpdateAgent30-x86.exe (KB2607070) package available in the Windows Update window.
Admins can set a deadline and this hotfix would be pushed on the user systems even if they don’t install it explicitly. (See highlighted below)
Within few minutes of a specified deadline when package offering is complete, please reboot individual Win7 SP1 systems.
Otherwise, users on managed computers can always install the hotfix on the system before the deadline by obeying the below steps-
3. Select the update deployed on the SCE server and click OK.
4. Click Install Updates button.
5. This will install the update on the client machine by closing the Windows Update client window.
6. We need to restart the client machine for this update to get affected.
Installation using DISM (Deployment Image Servicing and Management) -
* This is based on approach proposed by LGS on SCE TechNet Forum*
You can use an open source tool called RunIt.exe where as DISM is available in system32.
4. Click OK when extraction is complete.
5. Create an empty folder (WUA Update) on desktop.
6. Download runit.exe from web and copy it to newly created WUA Update. Move/Copy 'extracted' folder to WUA Update.
7. Open System Center Essentials.
8. Go to "Software" Click on the “New Package” under “Software Packages” section in “Tasks” pane.
9. Select the “Deploy a package from a setup file requiring additional folders” radio button in the New Software Package Wizard.
10. Provide the Folder Location by browsing to the folder WUA update. Click Ok.
11. To provide the Package setup file, click Browse beside package setup file text box.
12. Select RunIt.exe and click Open. Click Next in the wizard
13. Provide Package Name and Package Description and click Next.
14. Select appropriate target system types as mentioned below and click Next.
15. Map 3010 return code with Success With Reboot, by providing details(Code and Value) and clicking on Add.
16. Click Next.
17. Provide the installation parameters as mentioned below and click Next.
Install Parameters are - /L dism /Online /Add-Package /Packagepath:extracted /quiet /norestart.
Internally Windows update triggers following command. RunIt.exe /L dism /Online /Add-Package /Packagepath:extracted /quiet /norestart
RunIt.exe : invokes the exe file specified after parameter “/L” with the remaining parameters(/Online /Add-Package /Packagepath:extracted /quiet /norestart)
Dism: it is an exe file provided by Windows used for Servicing and management of Deployment image.
Online: Specifies that the action is effect on current windows running image Add-Package: adds the packages specified by PackagePath parameter to the Image /quiet and /norestart: these parameters will be used by the package while install happens on next reboot.
18. Click Create on summary page.
19. Package Creation would get progressed and then click Finish.
20. Add and Remove Approvals window appears. Select appropriate options in this window and click Ok.
21. Within few minutes after the deadline exceeds, you would observe a restart prompt on your machine.
I try to deploy the update with SCE. It gets installed properly but I get the following error in the windowsupdate.log file every few minutes:
2011-09-29 11:22:00:312 900 11e4 Service *************
2011-09-29 11:22:00:312 900 11e4 Service ** START ** Service: Service startup
2011-09-29 11:22:00:312 900 11e4 Service *********
2011-09-29 11:22:00:312 900 11e4 Agent * WU client version 7.6.7600.243
2011-09-29 11:22:00:312 900 11e4 Agent * Base directory: C:\Windows\SoftwareDistribution
2011-09-29 11:22:00:312 900 11e4 Agent * Access type: No proxy
2011-09-29 11:22:00:312 900 11e4 Agent * Network state: Connected
2011-09-29 11:22:00:312 900 11e4 Misc FATAL: Failed to delete file \\?\C:\Windows\SoftwareDistribution\Download\Install\WindowsUpdateAgent30-x64.exe (hr = 80070020) after 0 retries
2011-09-29 11:22:03:593 3772 108c Setup wusetup has finished. Exit code is 0. Reboot is NOT needed
Is it this KB that's breaking the third party updates?
Seems like a few SCE users have problem with third party udpates all of the sudden not being installed. And there seems to be noone or no info on how to solve this. In my case it's the adobe flash updates that arent installed by the agent even though they did work before, are imported and apporved like before.