Important update for WSUS 4.0 (KB 3095113)

Some of you may know that we are releasing the Windows 10 1511 feature upgrade, which is the first in-place upgrade for Windows 10, to WSUS in the next couple weeks.  To fully enable this deployment scenario, we shipped a patch to WSUS for WS12 and WS12R2 (KB 3095113).  Following this release, we received some questions regarding the applicability of this update.  Such questions included:

  • Is this patch required to support Windows 10?

  • What happens if I don’t install it?

  • Should I wait for the DLC or other non-Hotfix release?

  • Are there any known issues with the release?

 

The simple translation of “Support Windows 10”

You might be asking whether WSUS can recognize, sync/import, and distribute Windows 10 updates without having to receive a patch itself to enable this functionality.  If this is your concern, then you will not need any patches to enable this behavior.  While Windows 10 is indeed a monumental release in our history, from the WSUS perspective it’s just another product in the list, and there’s nothing new to Windows 10 updates (including security updates) that requires WSUS to be modified in order to handle them.  Administrators of WSUS 3.0 SP2 (including SBS 2011) and unpatched WSUS 4.0 will be able to deploy Windows 10 updates, but not feature upgrades.

 

Our preferred translation of “Support Windows 10”

One feature that makes Windows 10 special is delivering Windows as a service.  For the WSUS or SCCM administrator, this means enabling feature upgrades to a new build of Windows.  These upgrades will be processed just like the usual updates, except that once they are approved for installation on WSUS/SCCM-managed machines, they upgrade the entire build, not just some of its binaries.  If you’re a member of the Windows Insider Program, then you’ve already been using this technology for a while (though not via WSUS).  Wiping and loading images in order to refresh your Windows builds can be nothing but a memory, and that’s what is offered here.  It’s especially useful because new Windows 10 builds will be released much more frequently than the one-to-three-year release cycle to which you might be accustomed.  In order for WSUS to support these feature upgrades, it needs to install a patch.  Feature upgrades introduce a new update content file type (and classification, called Upgrades) that will likely only be apparent to the WSUS admin: we’ve done our best to abstract the details from non-enterprise users.

 

As for the quality

Some folks are cautious about updates like KB 3095113 being released with boilerplate text that include verbiage such as “do not install unless you are experiencing this issue.”  Hotfix is our most expedient release vehicle, and we wanted to provide as much time to deploy this ahead of the Windows 10 1511 feature upgrade release to WSUS as possible.  We have tested it the same as we would any Windows Update release, so there is no reason to wait to install the update on your WSUS 4.0 servers.  For your convenience, we’ll be releasing the update more broadly to DLC and Catalog, as well as to WSUS itself, in the first quarter of 2016.  If you prefer to wait for those releases, then please review the caution described next.

 

Important caution

WSUS may be able to see the Windows 10 1511 feature upgrade even if it can’t properly download and deploy the associated packages.  The feature upgrades will become visible as soon as the “Upgrades” classification is checked in the WSUS options for Products and Classifications.  If you attempt to sync any Upgrades without having first installed the recent patch, then you will populate the SUSDB with unusable data that must be cleared before Upgrades can be properly distributed.  This situation is recoverable, but the process is nontrivial and can be avoided altogether if you make sure to install the update before enabling sync of Upgrades.

 

What this means for you

If you are content to wipe and load images for Windows 10 in order to stay on a current build, then simply do not enable sync of Upgrades in your WSUS, and do what you usually do to upgrade your Windows builds.  However, if you ever intend to deploy Windows 10 and fully enable Windows as a service for your enterprise, then you’ll want to deploy the recent patch.  Furthermore, the safest route is to enable sync of Upgrades in your WSUS only after you have installed this patch on all WSUS 4.0 servers that service Windows 10 machines in your environment.

 

Your 1511 upgrade experience

The Windows 10 1511 feature upgrade will be available via WSUS in the next 1-2 weeks (which is when you’ll see the new Upgrades classification), and it will apply to Windows 10 RTM as well as Windows 7 and Windows 8.1 machines.  If you are upgrading from Windows 10 RTM, then the process is highly automated: it will skip the application provisioning stage and all setup steps that require user interaction, and will preserve file associations and other settings by default.  Upgrading from Windows 7 and Windows 8.1 via WSUS will require some end user interaction because the entire platform is changing, not just a build.

 

Feel free to post any questions below, and we’ll clarify as needed.