Another Update (or two) Released that Breaks Task Sequences… Add it to your To Do list.

By Nash Pherson  -

UPDATE 2014/06/18 – It is possible that KB2965788 is not the culprit!  It could in fact be KB2920189 (which supersedes KB2871690 – one of the previously known double-rebooters) that is causing the trouble.  After the story originally broke, we just did offline servicing of all the June updates that supported it, which included both KB2965788 and KB2920189.  Lab testing today and coordination with Microsoft should hopefully get this cleared up.

Heads up – there was another update released to the WSUS/SUM catalog on June 10th, 2014 that requires multiple reboots and will cause task sequences to fail silently, leaving devices in a very broken state.  KB2965788 is a security update that applies to Windows 7, 8, 8.1 and the corresponding Windows Server versions.  The update fixes a vulnerability in RDP that can allow tampering and is rated ‘important’.

It is possible that a second related update, KB2966034, may cause the same multiple reboot issue.  I have not been able to confirm the issue since KB2966034 is only applicable to systems that do not yet have KB2919355 installed. This second update is only available from the WSUS/SUM catalog, and not from Microsoft Update directly.

Microsoft has been documenting updates that will break task sequences in KB2894518 (which has not been updated yet at time of writing):
KB2894518 – Task sequence fails in Configuration Manager if software updates require multiple restarts

Most ConfigMgr admins are already familiar with this little dance of keeping pesky multi-rebooting updates from being deployed during task sequences.  However, there had been a lot of hope that Microsoft would stop releasing these things or add support for them in ConfigMgr.

Last November, there was a good push from the community to get the various teams from Microsoft together to address the issue once and for all.  The Help with an X-Mas Update Miracle article and corresponding Microsoft Connect feedback led to some good discussions at Microsoft, but apparently no clear resolution yet.

I would suggest adding three things to your To Do list today:

  1. Make sure you are handling KB2965788 so it doesn’t affect devices being imaged,
  2. Make sure you have already voted up the Microsoft Connect feedback asking for Microsoft to this once and for all, and
  3. Make sure all your colleagues and peers have voted up the feedback so Microsoft understands the breadth and depth of real world business impacts caused by this issue.

Thanks to Oliver Baty for first writing up that there is a new double rebooter out there.

I hope that helps!

 

Nash

email

Written by , Posted .
  • NN

    I unapproved the KB2965788 and the TS is still failing. Any progress on nailing down which update is the culprit? Thanks for the help!

  • NN

    I packaged up the problem update and installed it manually with a reboot but the issue still occurs. Any options other than baking it into the WIM?

  • Thomas Forsmark Sorensen

    KB2965788 did breake my TS. After removing the update from the updates then my TS ran without any problems.
    I am using ZTIWindowsUpdate.wsf so I just added a task to the TS that would set WUMU_ExcludeKBxxx TS variable so the update would be excluded.

  • Thomas Forsmark Sorensen

    http://support.microsoft.com/kb/2894518 is now official updated to include KB2965788 :-D