Missing DotNet updates on WSUS

vorear 41 Reputation points
2020-08-03T21:44:40.737+00:00

My test machines are missing the following patches despite our WSUS appears to be set correctly.

4565622 / 4565585

4565613 / 4565580

For example, we did find:

  • 2020-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4566519)
  • 2020-07 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4566468)

But not

  • Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4565622)

And https://support.microsoft.com/en-za/help/4565622/kb4565622 says “This update will automatically sync with WSUS…”
In May we had to manually import the missing patches reported by our ACAS (Tenable.SC) scans and it happened again in July.

Our WSUS VM was recently restored from a snapshot but it is working fine in all other respects. Win2012 WSUS 6.3.9600.18828

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,089 questions
0 comments No comments
{count} votes

Accepted answer
  1. AllenLiu-MSFT 44,591 Reputation points Microsoft Vendor
    2020-08-04T07:15:00.893+00:00

    Hi,

    Thanks for posting in Q&A.
    This is by design for .net updates.
    For example of KB4566519, it is actually composed of four small updates:KB4565613, KB4565614, KB4565622, KB4565635:
    15309-12.jpg

    So to avoid too much data in wsus, these four small updates will not show in WSUS console. But when you approve the KB4566519, the clients will only install the required .net update, such as KB4565613.
    So nothing wrong with your WSUS.

    Regards,
    Allen


5 additional answers

Sort by: Most helpful
  1. AllenLiu-MSFT 44,591 Reputation points Microsoft Vendor
    2020-08-04T08:02:48.87+00:00

    Hi,

    Thanks for posting in Q&A.
    This is by design for dot net updates.
    For example of KB4566519, it is actually composed of four small updates:

    So to avoid too much data in wsus, these four small updates will not show in WSUS console. But when you approve the KB4566519, the clients will only install the required dot net update, such as KB4565613.
    So nothing wrong with your WSUS.

    Regards,
    Allen

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.