No Updates for 2012 R2 Servers activated with ESU activated through Azure Arc

Sai 15 Reputation points
2023-11-17T20:43:02.7366667+00:00

We have two Windows Server 2012 R2 servers which have ESU activated through Azure Arc but no updates are being detected for November patches. I've read through the troubleshooting info and everything looks to be setup correctly. Any ideas on why they're not picking up the updates?

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
417 questions
Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,590 questions
{count} votes

1 answer

Sort by: Most helpful
  1. SwathiDhanwada-MSFT 18,766 Reputation points
    2023-11-21T16:29:07.0866667+00:00

    Sai Derek G. Yarrington abbodi86 John R The information related to this patch is documented here. Sharing the same information below.

    Ensure that both the licensing package and SSU are downloaded for the Azure Arc-enabled server as documented at KB5031043: Procedure to continue receiving security updates after extended support has ended on October 10, 2023.

    If installing the Extended Security Update enabled by Azure Arc fails with errors such as "ESU: Trying to Check IMDS Again LastError=HRESULT_FROM_WIN32(12029)" or "ESU: Trying to Check IMDS Again LastError=HRESULT_FROM_WIN32(12002)", there is a known remediation approach:

    Download this intermediate CA published by Microsoft.

    Install the downloaded certificate as Local Computer under Intermediate Certificate Authorities\Certificates. Use the following command to install the certificate correctly:

    certutil -addstore CA 'Microsoft Azure TLS Issuing CA 01 - xsign.crt'

    Install security updates. If it fails, reboot the machine and install security updates again.

    If you have other issues receiving ESUs after successfully enrolling the server through Arc-enabled servers, or you need additional information related to issues affecting ESU deployment, see Troubleshoot issues in ESU.

    If there are further updates on this issue, I will post it here.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.