W7, 64BIT, WMI Hotfixes do date post SP1

by butsch 29. July 2015 06:30


WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.


IE11patch Infos:



YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system


001 (YES)





002 (YES)





003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7


2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)


004 (YES)





005 (NO)








Client Management | Deployment | Hotfixes / Updates | Scripting | WSUS

Exchange 2010 SP3 RU9 / 2013 CU8, ROLLUP and Android problems

by butsch 26. May 2015 02:16

A remote mailbox user receives the following error message when he or she tries to configure Exchange Active Sync account on an Android device:

Setup could not finish

Failed to search Exchange server automatically. Enter settings manually





If the MobileSyncRedirectBypass feature is causing the problem, you can turn it off by editing the web.config file for the Autodiscover protocol:

  1. Locate the web.config file for the Autodiscover protocol:
    1. For Exchange Server 2013 MBX, the file is in the following location:


    2. For Exchange Server 2010 CAS, the file is in the following location:


  2. Open the web.config in Notepad, and then change the existing string from "true" to "false."
  3. Save the file.
  4. Run IISRESET /Norecycle.

Follow these steps on all CAS servers that will receive Autodiscover queries from devices.


Exchange 2010 | Exchange 2013 | Microsoft Exchange | WSUS

Internet Explorer 9/11 GPO old IE9 not visible / WMI checks

by butsch 17. March 2015 22:31


Problem 1, Internet Explorer Maintenance Tab not visible


E: Internet Explorer Maintenance Tab not visible

D: Internet Explorer Wartung nicht sichtbar (Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11) (IEM-Einstellungen)


During an Internet Explorer 11 Migration you discover that you can see your old IE8/9 settings which you made under Internet Explorer Maintenance Tab but you can't adapt or change them.

PROXY, Favorites, Quicklinks etc.



You can only modify the OLD IE7/8/9 setting on a DC or ADMIN PC where IE10/11 is NOT installed and you have the GPO management console. So during migration you need two GPO machines

  1. One for the NEW GPO with IE10/11 and RSAT Remote Administration Tools (Or Domain Controller)
  2. One for the OLD GPO with IE8/9 and RSAT Remote Administration Tools


TO install the RSAT GPO management console a Windows 7 Admin PC:

  1. Search and download: Windows6.1-KB958830-x64-RefreshPkg.msu (http://www.microsoft.com/de-de/download/details.aspx?id=7887) [Remoteserver-Verwaltungstools für Windows 7 mit Service Pack 1 (SP1)]
  2. Over Software / Add Windows Features install GPO Console



Now on the GPO machine you can open an edit the old parts from IE7/8/9

Problem 2, WMI Filter because you have two GPO (IE9/11)


Because you PC's with IE9 and IE11 as example you may have to separate the GPO.

This is best done with WMI-Filters or Active Directory user groups:

Here is how to check in WMIExplorer.

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "9.%"

Checks if client has IE9

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "11.%"

Checks if client has IE11



Please also see our post from MSDN Social and Blog:




Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11


Microsoft HAS made a list what goes where this FROM IE9 to (IEAK or/AND NEW SETTINGS). Most can be done with a clean and good IEAK setup.

https://technet.microsoft.com/de-de/library/jj890998.aspx (Where goes what)

Below is for people or team WHO don't know how to use IEAK (Please be carefull if you don't NEED to change Favorites or PROXY every month)

there is NO need to do the Regsitry HKCU things metioned. This can setup in IEAK 11 setup and then the regular GPO things.










Client Management | Deployment | Hotfixes / Updates | WSUS

WSUS: Windows Fonts Update February KB3013455 (MS15-010) FIXED with 3037639

by butsch 26. February 2015 04:07


After you install security update 3013455 you may notice some text quality degradation in certain scenarios.

This problem occurs on computers that are running the following operating systems:

  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows Server 2003 SP2
  • Windows Vista SP2


Patch defect Fonts:                  KB3013455 (Patchday February 2015 / MS15-010)

Patch corrected Fonts:            KB3037639 (https://support.microsoft.com/kb/3037639/en)



You may have to get rid of Patch if you're Windows Update or WSUS-Client already downloaded it to your system.


Path: "C:\Windows\SoftwareDistribution\Download"

Find following file with:

dir *3013455*.* /s

dir windows6.1-kb3013455-x64-express.cab /s


Just delete the Directory in which you find the File under C:\Windows\SoftwareDistribution\Download

To uninstall on 2008 if you did install already and made the Reboot:

wusa /uninstall /kb:3013455 /quiet /norestart

On 2003 and Vista use Software/ADD-Remove




Client Management | Deployment | Hotfixes / Updates | WSUS

WSUS, Patchday 10/11/12 year 2014 Updates DENY list

by butsch 29. January 2015 02:02

From customer test group feedback, Blogs, Analyze and monitoring we do not recommend following patches without further analyses, manual Controlling any version controlling V2 V3 etc. The patches are confusing because Microsoft does not do any filename_v2 anymore so you can identify the version by filename.

Check blog to see how you script the identification of Patches on OS:



Target: GERMAN and ENGLISH client or Server OS environments. Small Business (KMU) or Enterprise.

Patch DENY Oktober 2014 / 10



KB 2952664,KB 2949927,KB 2995388 (APPV, Frontrange, Filemaker, SNAGIT),KB 3000061 DECLINED wegen Fehlern Vorab



wusa /uninstall /kb:2952664 /quiet /norestart
wusa /uninstall /kb:3000061 /quiet /norestart
wusa /uninstall /kb:2949927 /quiet /norestart
wusa /uninstall /kb:2995388 /quiet /norestart


Patch DENY November 2014


Re-release Microsoft KB 2992611 (V3) gets re-releases on 19.11.2014 and also 09.12.2014

Microsoft KB 3011780 (V2) gets re-releases on 19.11.2014



wusa /uninstall /kb:2992611 /quiet /norestart

wusa /uninstall /kb:3011780 /quiet /norestart



Patch DENY December 2014

KB3004394 (CERTS)

KB3008923 (IE9, MS14-080)

KB2553154 (Office 2010, ActiveX)

KB3011970 (Silverlight)



wusa /uninstall /kb:3004394 /quiet /norestart
wusa /uninstall /kb:3008923 /quiet /norestart
wusa /uninstall /kb:2553154 /quiet /norestart
wusa /uninstall /kb:3011970 /quiet /norestart