If you’re like me, you’re deferring updates, so this may take some hunting.
This issue affects all versions of Windows; check CVE-2018-0886 for a list of KB numbers by Windows version.
Cluster-Aware Updating (CAU) is an exciting new feature that we have added in Windows Server 2012 that addresses precisely this gap.
Here are the steps I usually follow to get the machines listed in the WSUS management console. Assuming you are deploying your WSUS settings by GPO, make sure the machine in question is actually trying to apply the policy, you can do this by running like so: Or by running gpresult /R from command line Note: If you cannot see Computer Policy / Computer Settings, i.e.
you can only see user settings, then you are probably not running the command window as ‘Administrator’ (Locate In the Search/Run box type Locate the Windows Update service and ensure it is running. Then locate the Background Intelligent Transfer Service and make sure that’s also running. To make sure the client can see the WSUS website, open a browser window, and navigate to make sure you can open/download the file. If all the above is OK, you can try forcing a registration with the following command; 9.
16/04/12 Before you start troubleshooting clients, how long have you waited?
I usually setup and configure WSUS up at the start of a job, then leave it alone for a few DAYS, before I start worrying.
You should now be able to edit the new group policy: Computer Configuration set Encryption Oracle Remediation to Mitigated on unpatched servers or you will lose the ability to RDP from patched clients. if the connection fails, Remote Desktop will show this message: This is accompanied by the following error in the client’s event log: Log Name: Microsoft-Windows-Terminal Services-RDPClient/Operational Source: Microsoft-Windows-Terminal Services-Client Active XCore Event ID: 226 Task Category: RDP State Transition Level: Warning Description: RDPClient_SSL: An error was encountered when transitioning from Ts Ssl State Handshake In Progress to Ts Ssl State Disconnecting in response to Ts Ssl Event Handshake Continue Failed (error code 0x80004005).
Set Encryption Oracle Remediation to Vulnerable until the server is patched.Applying group policy to make the connection Vulnerable is the best solution.Uninstalling the May client patch is not the best solution.Sometimes if you image a machine (Or clone a VM) it keeps it’s unique update ID, if this happens then the first machine with this ID to register gets listed, and all the rest do not.To find out if this is your problem, locate and stop the Windows update service on an affected client. Open the registry Editor and navigate to: Windows Server Update Services – Install and Configure (2008 R2) WSUS Install Error – ‘The update could not be found.“Patch Lady” Susan Bradley has some helpful explanations on Ask Woody about Microsoft KB4093942, “Cred SSP updates for CVE-2018-0886.” She mentions that you can prepare for the updates by setting group policy before they are installed.