KB4577064 – Breaks Windows Server 2008 DNS


We recently ran into a problem on an older domain running Microsoft Server 2008 SP2 (not R2) as its DNS server. The problem was that the DNS service on the server kept stopping and crashing. This then obviously caused DNS issues throughout the domain. Having ran through a number of updates, removing them one by … Read more

Simple Fix to Windows 8 Features Install Issues

Windows 8 Features Fix

The Windows 8 Features Install Problem If you are using a Windows 8 or 8.1 machine you may come across the requirement to install additional features like .NET Framework 3.5 for some software to work. When you are asked to do this, you will be presented with a screen like the one below: Normally, if … Read more

KB4284826 & KB4284867 Might Break Windows 7 Machines

Microsoft Blue Logo

Microsoft are really outdoing themselves at the moment as it seems that they have released another pair of updates for Windows 7 machines that reboots the computer when connecting to a wireless or VPN connection.

We have had around 40 machines with these two updates that have seen this problem. We have had to remove these from circlation on our corporate network and for external users, we have had to manually remove them and clear out the SoftwareDistribution folder to stop them reinstalling.

Problem Updates

This is what Microsoft have admitted to so far:


A few symptoms they have mentioned, but nothing about wireless or VPN connections being affected – but we have had this problem.

Symptom Workaround
There is an issue with Windows and third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.
  1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

a. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.


Nothing from Microsoft on this one yet, but we have seen problems with it.

So, if you are still experiencing any weird issues with your machines, take a stab at removing these and see if it helps.

How to Remove Problem Updates

If you need some guidance on what to do to remove these or any other updates, be it on a single machine or mass corporation remove, take a look at this post as we have added some instructions towards the end of the post that you may find helpful.


We would love to hear from you if you to are having any issues with these, or indeed any other, Microsoft Updates. Just leave us a message below in our comments section and we will pick them up shortly after you post.

KB4093118 & KB4093108 – Another Faulty Windows Update Released by Microsoft

Microsoft Blue Logo

Microsoft have yet again released another Windows Update which has caused corruption and crashing on Windows computers. We have particularly hit with issues on Windows 7 machines. Although there are reported issues with Server 2008 R2 as well.

So, having spent a few hours searching for todays culprit, we found that the update causing the issue is this one:



We have seen a number of different problems that these updates are causing but our main issue seems to be with RAID and NIC driver issues. In particular the RAID driver with it causing the dreaded Blue Screen of Death (BSOD).


Since posting this, we have also found problems with two other updates which we have posted about here – might be worth checking those out as well if you are continuing to have any problems.

So, what can you do to fix it?

The simple quick fix solution is that you have to uninstall it, but you should also ensure that you have declined it in your WSUS or SCCM or other popular Windows Update system and if you are using SCCM, you could create a task sequence to remove it en masse. You could also use the Approved but for Uninstall in WSUS.

The full correct fix will be for Microsoft to fix it and stop breaking our machines and servers!

If you need to know the command line for removing this update, you should try this just changing the KB reference where required.

C:\Windows\System32\wusa.exe /uninstall /kb:KB4093118 /quiet /norestart

Safe Mode Uninstall

If you are in a position where you need to uninstall these updates, but cannot get into Windows. Go into Safe Mode and uninstall these updates from there. If you need to turn off uninstalls within Safe Mode, we have a guide here that can help you out.


If you have any questions or comments on your experience with these updates, please feel free to leave us a message below in the comments section.

WSUS – Cleanup using Powershell with email notification output



If you are using WSUS in your environment, you may want to run a scheduled task to cleanup old updates and compress some of the larger updates to free up space on your server. A good way of doing this is to run a Powershell script which will take care of all your cleanup requirements and as we are using Powershell, we can even get it to send us an email once it is complete with the output information on what the script has managed to clean up.


First of all, you need to decide on what you actually want to do with the script. This includes whether you want to run it manually or add it as a scheduled task or even a System Center Orchestrator Runbook.

For the purposes of this guide, we are going to run the Powershell script with all available options but manually.

For a local WSUS installation, you should use the script below:

Get-WsusServer | Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates

If you want to run the script on a remote server, you can state the server name like below:

Get-WsusServer "WSUSServer" | Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates


As you can see from the script above, we are running the cleanup on all options available to us, i.e. Declined Updates. You can add and remove these as you so wish. The parameters available to you are:

  • -CleanupObsoleteComputers
  • -CleanupObsoleteUpdates
  • -CleanupUnneededContentFiles
  • -CompressUpdates
  • -DeclineExpiredUpdates
  • -DeclineSupersededUpdates

Email Parameters

So the above will run manually and then output something like the following within your Powershell window:

WSUS - Cleanup using Powershell with email notification output 1

But what if you want to receive an email with this information on so that you can stay up to date with what the cleanup is doing, especially if you are running it to a schedule. Using Powershell, you can add additional script to your cleanup script to send an email.

To do this, you need to amend your script so it has the email parameters of your local email server and also build an output to the body of the email, so your script should look like this:

$output = Get-WsusServer | Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates
Send-MailMessage -from "WSUS PS Cleanup <wsus@techygeekshome.info>" -to "blog@techygeekshome.info" -Subject "WSUS Cleanup Stats" -Body ($output | Out-String) -SmtpServer smtp.techygeekshome.info

You should change the email parameters to suit your local email environment.

When this script is run, it will then output to an email as specified.


You can download the Powershell script as a PS1 file by clicking the link below:

Download WSUS Cleanup PS1


If you have any questions or feedback on this guide, please feel free to leave us a message below and we will get back to you when we can.

SCUP – Adobe Flash Player Updated Catalog


If you have been using System Center Updates Publisher (SCUP) to push out Adobe updates to your end users, then you may have recently noticed that the Flash Player catalog has stopped working.

Well this is due to Adobe having moved where the cab file is for the catalog, but you can easily update the link to the correct one and manually re-add the catalog.

To do this, just follow the simple steps below:

First of all you should start up your SCUP console and click on the “Catalogs” ribbon at the bottom left:

SCUP - Adobe Flash Player Updated Catalog 2

Then click on the “Add” button on the top ribbon:

SCUP - Adobe Flash Player Updated Catalog 3

This will bring up a dialog box which you need to complete as follows:

Catalog Path = https://fpdownload.adobe.com/get/flashplayer/distribution/win/AdobeFlashPlayerCatalog_SCUP.cab

Publisher = Adobe

Name = Flash Player

Description = Flash Player Catalog

Support URL = https://www.adobe.com

So you should end up with a dialog box like this:

SCUP - Adobe Flash Player Updated Catalog 4

Go ahead and click on the OK button to complete the manual creation of the catalog.

You should then be able to click on “Updates” and then the “Import” button and you will now retreive all the Adobe Flash Player updates as normal.


If you have any questions or feedback on this guide, please feel free to leave us a comment below.

WSUS – Windows 10 Feature Upgrades Fail Fix


If you are using WSUS in your environment and you find that your Windows 10 clients are failing to download or install any Feature Upgrades (to 1607 or any CU updates) then you can give this fix a try.

You should first ensure that you have not approved any of these upgrades before installing the KB3095113 update on your WSUS server. If you have, you will need to carry out a deletion and tidy up of your SUSBD. To do this, simply run the below Powershell command (as elevated) on your WSUS server:

# Disable Upgrades Classification

Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq “Upgrades”} | Set-WsusClassification -Disable

# delete all update content on the current server belonging to the 1511 release

$wsus = Get-WsusServer
($wsus.SearchUpdates(“Windows 10 Education, version 1511, 10586”)).Count
$wsus.SearchUpdates(“Windows 10 Education, version 1511, 10586”) | foreach { Write-Host “Deleting $($_.Title)” -ForegroundColor Yellow; $wsus.DeleteUpdate($_.Id.UpdateId) }
($wsus.SearchUpdates(“Windows 10 Pro, version 1511, 10586”)).Count
$wsus.SearchUpdates(“Windows 10 Pro, version 1511, 10586”) | foreach { Write-Host “Deleting $($_.Title)” -ForegroundColor Cyan; $wsus.DeleteUpdate($_.Id.UpdateId) }
($wsus.SearchUpdates(“Windows 10 Enterprise, version 1511, 10586”)).Count
$wsus.SearchUpdates(“Windows 10 Enterprise, version 1511, 10586”) | foreach { Write-Host “Deleting $($_.Title)” -ForegroundColor Green; $wsus.DeleteUpdate($_.Id.UpdateId) }

# delete all update content on the current server belonging to the 1607 release

($wsus.SearchUpdates(“Windows 10 Pro, version 1607”)).Count
$wsus.SearchUpdates(“Windows 10 Pro, version 1607”) | foreach { Write-Host “Deleting $($_.Title)” -ForegroundColor Yellow; $wsus.DeleteUpdate($_.Id.UpdateId) }
($wsus.SearchUpdates(“Windows 10 Education, version 1607”)).Count
$wsus.SearchUpdates(“Windows 10 Education, version 1607”) | foreach { Write-Host “Deleting $($_.Title)” -ForegroundColor Cyan; $wsus.DeleteUpdate($_.Id.UpdateId) }
($wsus.SearchUpdates(“Windows 10 Enterprise, version 1607”)).Count
$wsus.SearchUpdates(“Windows 10 Enterprise, version 1607”) | foreach { Write-Host “Deleting $($_.Title) NON EN-US” -ForegroundColor Green; $wsus.DeleteUpdate($_.Id.UpdateId) }
#($wsus.SearchUpdates(“Windows 10 Enterprise, version 1607”) | ? {$_.title -notlike “*en-us*”}).Count
#$wsus.SearchUpdates(“Windows 10 Enterprise, version 1607”) | ? {$_.title -notlike “*en-us*”} | foreach { Write-Host “Deleting $($_.Title) NON EN-US” -ForegroundColor Green; $wsus.DeleteUpdate($_.Id.UpdateId) }

# enable Upgrades classification

Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq “Upgrades”} | Set-WsusClassification

# perform full sync
$sub = $s.GetSubscription()

Once you have tidied up your SUSDB and installed the required KB update, you should now make a change on your WSUS servers IIS to allow your clients to get the updates from your WSUS server. To do this, you need to add a MIME type so carry out the below simple steps:

  • Open IIS Manager on your WSUS server
  • Highlight your server name
  • From the ‘IIS’ area in the centre of IIS Manager, open “MIME Types
  • Click “Add…”
  • Enter the information below into the popup box:
    • File name extension: .esd
    • MIME type: application/octet-stream

  • Click OK to close the dialog box

You should now sync your WSUS server and run a Server Cleanup. Then reapprove any upgrades you want to push out and test on a client machine. You should now find that the client will download and install the upgrade without any further issues.


If you have any questions or comments on this guide, please feel free to leave us a message below using comments system.

WSUS Installation Errors on Microsoft Server 2012

Windows Server 2012

We have recently been installing WSUS on a rebuilt Microsoft Server 2012 and found that although the role would install without any issue, when we tried to run the configuration wizard we were getting an error and in the log file it stated:

“Config file did not contain a value “ContentDirectory””

So, first of all, we needed to fix this problem of the role not knowing where to create our WSUS datastore on the server. To do this, go to the following location on the server:


Then you need to edit the following file:


In this file, you need to add the location of where you want your WSUS datastore to be, in our case it is “S:WSUS”, so we will open the XML file and add that into it just after the “PROPERTY” line within a VALUE like below:

 <?xml version="1.0" encoding="utf-16"?>  
 <INSTANCE CLASSNAME="ServerComponent_UpdateServices_Services">  
 <PROPERTY NAME="ContentDirectory" TYPE="string">  
 <PROPERTY NAME="ContentLocal" TYPE="boolean">  

Once you have made these changes, go ahead and save the XML file. You can then try and run the configuration wizard again. This time it should create the “S:WSUS” folder and this may be the end of your issues. However, there are more steps for other issues you may encounter which we did. So, if you run the configuration wizard and it still does not work after the above change, you may then get an error stating the following:

“Config file did not contain a value “InstanceName””

So, this time you will need to edit the following file:


You will need to make a change in that file. You will need to enter the name of your WSUS database, so if we take the default that is created which is “SUSDB” and add that into the XML file just after the “PROPERTY” line within a VALUE like below::

 <?xml version=”1.0″ encoding=”utf-16″?>  
 <INSTANCE CLASSNAME=”ServerComponent_UpdateServices_Database”>  
 <PROPERTY NAME=”InstanceName” TYPE=”string”>  

Then you should go ahead and run the configuration wziard again. Again, this may now fix your issues, but it may not as there are some more changes that may need to be made as in our case!

So, the configuration wizard process may look like it has got further this time but not fully completed and you are now getting an error stating:

“System.Net.Sockets.SocketException (0x80004005): No such host is known”

So, this is where you have to run the configuration process manually using PowerShell. So, go ahead and start up PowerShell but make sure that you have “Run as Admin” so that it is elevated to allow it to make the changes it will need to carry out.

Once you have PowerShell open, you should browse to the following location on the server:

 C:Program FilesUpdate ServicesTools  

You then need to run the “WSUSUTIL.EXE” program within the PowerShell command box with the parameters that you require:

 wsusutil.exe postinstall CONTENT_DIR=S:WSUS SQL_INSTANCE_NAME=SQLSERVER.domain.local  


  • wsusutil.exe – the utility to start the process
  • postinstall – post install configuration
  • CONTENT_DIR=S:WSUS – the location of your WSUS datastore
  • SQL_INSTANCE_NAME=SQLSERVER.domain.local – your WSUS SQL server name

You should now find that your WSUS console will open and is ready to use!

SCUP – Failed to connect to the update server error


We were recently setting up a new WSUS server in our lab and also setting up System Center Updates Publisher (SCUP) and kept getting an error when trying to connect SCUP to WSUS which were installed on the same server. The error we were getting was:

Failed to connect to the update server. Check your update server configuration settings and try connecting again. Request for principal permission failed.”


Turns out that there is a very simple fix for this. All you need to do is to run SCUP elevated as an administrator, so right click on the desktop shortcut and click “Run as Admin”. Then try and connect SCUP to WSUS again and it should now work.

WSUS – Server Clean Up Using Powershell

microsoft windows white logo

If you use WSUS then you will be familiar with running Server Cleanup Wizard which is fine but what if you want to use Powershell? well, you can also use that to run the server cleanup on all your WSUS servers.

By using Powershell you have the option to then automate its running using basic windows task scheduler or something a bit more advanced like Orchestrator Runbooks or build it all in to Service Manager.

So, all you need to do is to take the below Powershell script, save it as a .PS1 file and then run as admin on your WSUS server.

$outFilePath = '.wsuscleanup.txt' [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null   
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();   
$cleanupScope = new-object Microsoft.UpdateServices.Administration.CleanupScope;   
$cleanupScope.DeclineSupersededUpdates = $true      
$cleanupScope.DeclineExpiredUpdates     = $true   
$cleanupScope.CleanupObsoleteUpdates   = $true   
$cleanupScope.CompressUpdates         = $true   
$cleanupScope.CleanupObsoleteComputers = $true   
$cleanupScope.CleanupUnneededContentFiles = $true   
$cleanupManager = $wsus.GetCleanupManager();   
$cleanupManager.PerformCleanup($cleanupScope) | Out-File -FilePath $outFilePath 

If you wish to just download the Powershell script then you can do so from here.

It may take time to complete on your server if you have a lot of cleaning up to do so give it time. The script will create a text file in the same location you ran the script from with the completed values for what it has achieved.

Once complete, check your disk space and you should notice a big change in your free space and your updates will be a lot tidier!


If you have any questions about this guide, please feel free to leave us a message below using our comments system.

System Center Updates Publisher Signing Certificate Step-by-Step Guide

microsoft windows white logo

If you are using WSUS in your environment then you should consider also using System Center Updates Publisher (SCUP) to inject 3rd party updates. You can use SCUP to inject any updates by creating them but also built into the utility are updates for Adobe, HP and Dell. This is great for pushing out updates for programs like Flash Player and Adobe Reader. If you search our blog, you will also find step by step guides to using SCUP for programs like Java.

However, if you are going to use SCUP, then you should also consider setting it up using SSL. To do this, there is an excellent step by step guide available on TechNet here:

SCUP SSL Setup Guide

Using this guide, you can get your SSL setup for SCUP and start pushing out any 3rd party updates you want!

Enabling SSL on WSUS

microsoft windows white logo

If you are using Windows Server Update Services (WSUS) you should enable, where possible, SSL.

To do this is a fairly simple task but needs to be carried out carefully to ensure all your client machines talk to your WSUS server successfully.

There is an excellent step by step guide with images here:

Enabling SSL on Windows Server Update Services (WSUS)

This takes you right through setting up the WSUS server but also the group policy settings for your end user client machines.