Failover Cluster validation shows missing updates in Windows Server 2008 R2 even though Windows Update has none to offer
Hi Everyone, Today I am going to talk about one of the most common issues that we see when we talk about patching compliance of cluster nodes. Sometimes, when you run a validation, you see that the nodes complain about missing software updates even though when you scan your machine against your patching tool, it shows ‘No Software Updates available’. Windows Updates shows similar results.
The validation report may look like
In this case, when you check the files updated by KB056572, KB952004 and KB951066, you would see that the file is already of a later version. Also, when you try to install any of these updates, it says:
While this is true, it doesn’t help you justify the warning in the cluster validation report.
So why does this happen?
This happens because the cluster gets the list of install updates by issuing a WMI query which is similar to what gets issues when you run ‘Get-Hotfix’ in PowerShell and does a compare of both to get this information. Even though you might have a different version of the update now, at some point you would have had different update levels on the nodes. Please note that this was a deviation from Microsoft’s recommendation for failover clustering that the nodes have the same software updates. Also, this is the reason that it is a warning in cluster validation and is not registered as an error.
How to validate if you are hitting a false positive?
- Check the KB number in the validation. Let’s assume it’s KBXXXXXX.
- Go to https://support.microsoft.com/kb/**XXXXXX** where XXXXXX is the KB number.
- Check the column that says ‘File Version’ and check the tab Version over there.
- Go to C:\windows\system32\drivers or C:\windows\system32 and go to Properties>Details.
- If the version on the File>= Version in the KB, it is a false positive and can be ignored.
Note: Starting Windows Server 2012, Cluster checks for the file version as well. You would not receive this issue on Windows Server 2012. This was because not everyone followed the recommendation of ‘Same software update level’ at all times.
Hope this helps.
Anirudh Gandhi
Support Escalation Engineer | Microsoft Windows Core
Disclaimer : This information is provided ‘as-is’ with no warranties
Comments
- Anonymous
July 03, 2016
Hi Anirudh,I received the same message for Windows 2012 R2. Windows updates do not report any missing updates.any suggestionsCheersAjay- Anonymous
September 09, 2016
The comment has been removed
- Anonymous
- Anonymous
July 15, 2016
Hi Anirudh, Thank for the post, i am having this issue , and both of my node have have no updates available however one of my node is missing "KB2836943"but when i am trying to download and install i am getting "update are not aplicable for your computer" error message. i was following up with your instruction but on step 4i got lost , can you please specify which file do i have to look for properties /details under C:\windows\system32 folder , i would much appreciate for your prompt reply.Thanks- Anonymous
September 09, 2016
The comment has been removed
- Anonymous