W10 Update Deployment Silent, certain not used old DLL in OEM Install paths BLOCKS update c:\drivers or c:\SWSETUP

 

Microsoft W10 Update to 1909 failed because the pre Check found the certain DLL somewhere under the c:\drivers or C:\SWSETUP olders. (APP/Software or driver was not installed, Update block by JUST finding the Certain DLL somewhere on certain paths used by certain Producer/OEM.

Often used paths for drivers and where W10 Update tried to find add. Info about a system and what was installed (Beside Software, Registry and Windows-Installer Cache/DB).

  • HP > C:\SWSETUP\
  • DELL > c:\DRIVERS\
  • Our deployment solution > c:\DRIVERS\

We just had a case where we update W10 1709 to 1909 through a Deployment solution. Updates of HP Laptop failed.

If we installed the Update manual we did see that the "Infineon TPM Professional Package" was blocking. But the software was not installed.

 

Reason for W10 Update failing:

At that customer we use c:\drivers\ for our deployment structure on HP (Like Dell does > By the way don't use c:\drivers for your own packages/batch on DELL systems it will break some DELL batches).

Under that structure we have a library of certain most used HP Service Packs. There was one which included an Infineon TPM driver. Just by searching through those files

Microsoft thinks the drivers IS installed a Blocks the update. The driver was not installed on the system.

Solution:

Just delete those Directory and files if you don't reference them and they are not used MSI-Source files on the system you handle the update. On HP systems you can even rename the folder like from C:\SWSETUP\ to C:\_SWSETUP\ and it will work.

Where we found that info:

We silent deploy the 1909 there will following command line which gives us detailed Debug Log Info:

c:\drivers\setup\CUSTOMER_W10_1909\setup.exe /auto upgrade /copylogs \\SERVER\w10_1909$\CLIENTS_DEBUG\%computername% /DiagnosticPrompt enable /Priority Normal /postoobe c:\drivers\setup\CUSTOMER_W10_1909\CUSTOMER_W10_ENDE_OK.cmd /postrollback c:\drivers\setup\CUSTOMER_W10_1909\CUSTOMER_W10_ROLLBACK.cmd /Quiet /ShowOOBE none /telemetry disable /compat IgnoreWarning /DynamicUpdate disable /migratedrivers all

In these Logfiles then you will find the reason why he did not upgrade. You will also see why if you skip the OPTIONS: /Quiet /ShowOOBE none

search over all log files for "StatusDetail="UpgradeBlock"

It will be found in the logfile Compatdata*.xml

Here is the info regarding the Block within the XML File:

<Program IconId="ifxspmgt.exe_f069054697b0a0ae" Id="0006c5c9b5d907dd9c81f4d74bb61beb7e3900000904" Name="Infineon TPM Professional Package">

<CompatibilityInfo BlockingType="Hard" StatusDetail="UpgradeBlock"/>

<Action Name="ManualUninstall" ResolveState="NotRun" DisplayStyle="Text"/>

</Program></Programs>

The where the files that Windows 10 Update found BUT where not installed on the system.

Just delete the files if unused and the update will do it what it should.

 

 

BACKUP configuration of Vmware ESXI with POWERCLI

Backup the config from a VMware ESXI free Version up to 6.7.

There is a nice way to backup the free ESXi configuration settings into one file. This us usefull to document the ESXi before you update it and don't want to make 200 screenshots.

  1. Download and Install POWERCLI from VMware.

https://my.vmware.com/group/vmware/downloads/details?downloadGroup=PCLI650R1&productId=491

 

  1. Start Power shell elevated (As Administrator)
  2. set-executionpolicy remotesigned
  3. run from "C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Scripts"

    .\Initialize-PowerCLIEnvironment.ps1

  1. Do the backup

set-executionpolicy remotesigned -Confirm:$False

Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$False

Connect-VIServer -Server 192.168.35.90 -User root -Password **********

Get-VMHostFirmware -VMHost 192.168.35.90 -BackupConfiguration -DestinationPath C:\20_SERVER_ESX_ASUS_P11C-M4L\03_ESX_CONFIG_BACKUP

Disconnect-VIServer -Server 192.168.35.90 -Confirm:$False

 

 

POWER CLI

C:\> Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$False

Scope ProxyPolicy DefaultVIServerMode InvalidCertificateAction DisplayDeprecationWarnings WebOperationTimeout

Seconds

----- ----------- ------------------- ------------------------ -------------------------- -------------------

Session UseSystemProxy Multiple Ignore True 300

User

AllUsers Ignore

 

 

C:\> Connect-VIServer -Server 192.168.35.90 -User root -Password imelsasswohntdegillesim

Name Port User

---- ---- ----

192.168.35.90 443 root

 

 

C:\> Get-VMHostFirmware -VMHost 192.168.35.90 -BackupConfiguration -DestinationPath C:\20_SERVER_ESX_ASUS_P11C-M4L\03_ESX_CONFIG_BACKUP

Host Data

---- ----

192.168.35.90 20_SERVER_ESX...

 

 

C:\> Disconnect-VIServer -Server 192.168.35.90 -Confirm:$False

 

 

 

 

 

Restore from the backup would be:

 

set-executionpolicy remotesigned -Confirm:$False

Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$False

Connect-VIServer -Server 192.168.35.90 -User root -Password **********

Set-VMHostFirmware -VMHost 192.168.35.90 -Restore -SourcePath C:\20_SERVER_ESX_ASUS_P11C-M4L\03_ESX_CONFIG_BACKUP \configBundle-192.168.35.90.tgz -HostUser root -HostPassword **

Disconnect-VIServer -Server 192.168.35.90 -Confirm:$False

 

 

You can view the config if you UNPACK 10x TAR and ZIP files from the backup file:

 

 

 

VMware Link:

https://kb.vmware.com/s/article/2042141

 

WMI Filter for GPO WIN 10 and 1709, 1803, 1809, 1903, 1909

Here is how to catch different Windows 10 OS release within WMI.

We used this the first time during a 1709 > 1909 Migration where we wanted to push customer startlayout.xml (Different new syntax and command for W10 1909)

with GPO ONLY to the 1909 clients. SBS/KMU seamless upgrades but often forget to handle GPO Policy side during the upgrade process. If you wan to modify

The startlayout/startmenu tiles this is often the first place you will need the WMI filters.

 

W10 Version Info:

Major   Minor   Version Build      Info       Released

10           0             1607       14393    2016 RTM LTSC 09/26/2016

10           0             1709       16299    2016 SAC            10/17/2017

10           0             1803       17134    2016 SAC            04/30/2018

10           0             1809       17763    2019 LTSC           11/13/2018

10           0             1903       18362    2019 SAC            5/21/2019

10           0             1909       18363    2019 SAC            11/12/2019

 

WMI Query to check which version you run of Windows 10.

NAMEPSPACE: Root\CIMv2

W10 1607:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "14393"

W10 1709:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "16299"

W10 1803:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "17134"

W10 1809:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "17763"

W10 1903:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "18362"

W10 1909:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "18363"

 

https://docs.microsoft.com/en-us/windows/win32/wmisdk/wql-sql-for-wmi

GPO WMI FILTER

Based on above info from us you can build the GPO filter for each W10 version.

 

Example: Use the Paessler WMI tester to check

If the query was successful then you get FEEDBACK from the Query (if not it would be empty)

 

Please also check these WMI related links from us:

http://www.butsch.ch/post/W10-Enable-Remote-Management-for-WMI-from-Commandline-silent.aspx

http://www.butsch.ch/post/How-to-identify-WSUSWindows-Update-Patches-installed-on-a-Windows-7-in-Batch.aspx

http://www.butsch.ch/post/Script-WMI-Fetch-modell-BIOS-Version-with-VB-like-SM_info-from-Dell.aspx

http://www.butsch.ch/post/Internet-Explorer-911-GPO-old-IE9-not-visible-WMI-checks.aspx

http://www.butsch.ch/post/IE11-GPO-Settings-PROXY-Explained-F5-F8.aspx

 


 
 

Deployment: Adobe goes Complete nuts!

Not only they keep us jumping around in Deployment for almost 10 years now.

Just by the time they Release a new unsecure Flash Player each 2 weeks they decide to cancel

the open Download portal and exist that every customer signs the Enterprise Agreement. 75%

of the people who use that Link have Millions and Billions of Adobe Acrobat and Photoshop running.

You not gone get any more customer Adobe!

 

 

I like Flash and in switzerland there where companys who Made Great Flash Games 15 years ago

…But enough is enough now….

 

http://www.butsch.ch/post/Deployment-Flash-22-Juni-2016-Release.aspx

 

https://www.adobe.com/products/flashplayer/distribution3.html

 

Deployment: Flash 22 Juni 2016 Release

It's time to Update Flash to latest Release:

https://www.adobe.com/products/flashplayer/distribution3.html

https://helpx.adobe.com/flash-player/release-note/fp_22_air_22_release_notes.html

See on how to migrate from an old Post from us. And check the Flag, Filenames and Versions to check from below for June 2016 Version 20.06.2016.

http://www.butsch.ch/post/Adobe-Flash-11-1101152-Siletn-Install-and-Migration-from-Vetrsion-10X.aspx

Release

OLD: 21.0.0.242

NEW: 22.0.0.192

OCX File

OLD: Flash32_21_0_0_242.ocx

NEW: Flash32_22_0_0_192.ocx

OCX File

OLD: Flash64_21_0_0_242.ocx

NEW: Flash64_22_0_0_192.ocx

Filename Installer

OLD: install_flash_player_21_active_x.exe

NEW: install_flash_player_22_active_x.exe