W7, 64BIT, WMI Hotfixes do date post SP1

by butsch 29. July 2015 06:30

 

WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.

 

IE11patch Infos:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

 

YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system

 

001 (YES)

https://support.microsoft.com/en-us/kb/2705357

2705357

Windows6.1-KB2705357-v2-x64.msu

 

002 (YES)

http://support.microsoft.com/kb/2692929

2692929

Windows6.1-KB2692929-x64.msu

 

003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

http://support.microsoft.com/kb/2465990

2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)

 

004 (YES)

https://support.microsoft.com/en-us/kb/2492536

2492536

Windows6.1-KB2492536-x64.msu

 

005 (NO)

https://support.microsoft.com/en-us/kb/982293

982293

Windows6.1-KB982293-x64.msu

 

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates | Scripting | WSUS

Exchange 2010 SP3 RU9 / 2013 CU8, ROLLUP and Android problems

by butsch 26. May 2015 02:16

A remote mailbox user receives the following error message when he or she tries to configure Exchange Active Sync account on an Android device:

Setup could not finish

Failed to search Exchange server automatically. Enter settings manually

https://support.microsoft.com/en-us/kb/3035227?wa=wsignin1.0

http://blogs.technet.com/b/exchange/archive/2015/03/17/announcing-update-rollup-9-for-exchange-server-2010-service-pack-3.aspx

http://www.microsoft.com/en-us/download/details.aspx?id=46372

Solution:

If the MobileSyncRedirectBypass feature is causing the problem, you can turn it off by editing the web.config file for the Autodiscover protocol:

  1. Locate the web.config file for the Autodiscover protocol:
    1. For Exchange Server 2013 MBX, the file is in the following location:

      %ExchangeInstallPath%\ClientAccess\Autodiscover

    2. For Exchange Server 2010 CAS, the file is in the following location:

      %ExchangeInstallPath%\ClientAccess\Autodiscover

  2. Open the web.config in Notepad, and then change the existing string from "true" to "false."
  3. Save the file.
  4. Run IISRESET /Norecycle.

Follow these steps on all CAS servers that will receive Autodiscover queries from devices.

Tags:

Exchange 2010 | Exchange 2013 | Microsoft Exchange | WSUS

Internet Explorer 9/11 GPO old IE9 not visible / WMI checks

by butsch 17. March 2015 22:31

 

Problem 1, Internet Explorer Maintenance Tab not visible

 

E: Internet Explorer Maintenance Tab not visible

D: Internet Explorer Wartung nicht sichtbar (Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11) (IEM-Einstellungen)

 

During an Internet Explorer 11 Migration you discover that you can see your old IE8/9 settings which you made under Internet Explorer Maintenance Tab but you can't adapt or change them.

PROXY, Favorites, Quicklinks etc.

 

Solution:

You can only modify the OLD IE7/8/9 setting on a DC or ADMIN PC where IE10/11 is NOT installed and you have the GPO management console. So during migration you need two GPO machines

  1. One for the NEW GPO with IE10/11 and RSAT Remote Administration Tools (Or Domain Controller)
  2. One for the OLD GPO with IE8/9 and RSAT Remote Administration Tools

 

TO install the RSAT GPO management console a Windows 7 Admin PC:

  1. Search and download: Windows6.1-KB958830-x64-RefreshPkg.msu (http://www.microsoft.com/de-de/download/details.aspx?id=7887) [Remoteserver-Verwaltungstools für Windows 7 mit Service Pack 1 (SP1)]
  2. Over Software / Add Windows Features install GPO Console

 

 

Now on the GPO machine you can open an edit the old parts from IE7/8/9

Problem 2, WMI Filter because you have two GPO (IE9/11)

 

Because you PC's with IE9 and IE11 as example you may have to separate the GPO.

This is best done with WMI-Filters or Active Directory user groups:

Here is how to check in WMIExplorer.

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "9.%"

Checks if client has IE9

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "11.%"

Checks if client has IE11

 

 

Please also see our post from MSDN Social and Blog:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

 

MSDN:

Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11

https://msdn.microsoft.com/de-de/library/dn338129.aspx

Microsoft HAS made a list what goes where this FROM IE9 to (IEAK or/AND NEW SETTINGS). Most can be done with a clean and good IEAK setup.

https://technet.microsoft.com/de-de/library/jj890998.aspx (Where goes what)

Below is for people or team WHO don't know how to use IEAK (Please be carefull if you don't NEED to change Favorites or PROXY every month)

there is NO need to do the Regsitry HKCU things metioned. This can setup in IEAK 11 setup and then the regular GPO things.

 

https://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/

http://www.alexheer.co.uk/it-blog/configuring-ie11-settings-via-group-policy

http://blogs.msdn.com/b/asiatech/archive/2014/05/12/how-to-apply-the-content-of-ie-settings-in-gpo-which-used-iem-ie-maintenance-before-ie10-to-ie10-version-since-iem-has-been-deprecated-begin-from-ie10.aspx

 http://www.windowspro.de/wolfgang-sommergut/zentrale-ie-konfiguration-internet-explorer-wartung-vs-gpo-vs-ieak

http://blogs.msdn.com/b/asiatech/archive/2014/12/16/how-to-apply-favorites-amp-links-to-ie10-ie11-in-gpo-without-iem.aspx

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates | WSUS

WSUS: Windows Fonts Update February KB3013455 (MS15-010) FIXED with 3037639

by butsch 26. February 2015 04:07

 

After you install security update 3013455 you may notice some text quality degradation in certain scenarios.

This problem occurs on computers that are running the following operating systems:

  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows Server 2003 SP2
  • Windows Vista SP2

 

Patch defect Fonts:                  KB3013455 (Patchday February 2015 / MS15-010)

Patch corrected Fonts:            KB3037639 (https://support.microsoft.com/kb/3037639/en)

 

http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_update/kb3013455-ms15-010-causes-font-corruption/8640d38d-19bd-46b6-9af0-6213c05107d3

You may have to get rid of Patch if you're Windows Update or WSUS-Client already downloaded it to your system.

 

Path: "C:\Windows\SoftwareDistribution\Download"

Find following file with:

dir *3013455*.* /s

dir windows6.1-kb3013455-x64-express.cab /s

 

Just delete the Directory in which you find the File under C:\Windows\SoftwareDistribution\Download

To uninstall on 2008 if you did install already and made the Reboot:

wusa /uninstall /kb:3013455 /quiet /norestart

On 2003 and Vista use Software/ADD-Remove

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates | WSUS

WSUS, Patchday 10/11/12 year 2014 Updates DENY list

by butsch 29. January 2015 02:02

From customer test group feedback, Blogs, Analyze and monitoring we do not recommend following patches without further analyses, manual Controlling any version controlling V2 V3 etc. The patches are confusing because Microsoft does not do any filename_v2 anymore so you can identify the version by filename.

Check blog to see how you script the identification of Patches on OS:

http://www.butsch.ch/post/How-to-identify-WSUSWindows-Update-Patches-installed-on-a-Windows-7-in-Batch.aspx

 

Target: GERMAN and ENGLISH client or Server OS environments. Small Business (KMU) or Enterprise.

Patch DENY Oktober 2014 / 10

http://www.butsch.ch/post/Microsoft-Patchday-October-2011-1110201112102011.aspx

http://www.butsch.ch/post/Microsoft-October-2014-Windows-Updates-problems.aspx

KB 2952664,KB 2949927,KB 2995388 (APPV, Frontrange, Filemaker, SNAGIT),KB 3000061 DECLINED wegen Fehlern Vorab

 

UNINSTALL:

wusa /uninstall /kb:2952664 /quiet /norestart
wusa /uninstall /kb:3000061 /quiet /norestart
wusa /uninstall /kb:2949927 /quiet /norestart
wusa /uninstall /kb:2995388 /quiet /norestart

 

Patch DENY November 2014

http://www.butsch.ch/post/Microsoft-Updates-2992611-3011780-18192112014-re-releases-ExchangeIISDCe28099s.aspx

Re-release Microsoft KB 2992611 (V3) gets re-releases on 19.11.2014 and also 09.12.2014

Microsoft KB 3011780 (V2) gets re-releases on 19.11.2014

 

UNINSTALL:

wusa /uninstall /kb:2992611 /quiet /norestart

wusa /uninstall /kb:3011780 /quiet /norestart

 

 

Patch DENY December 2014

KB3004394 (CERTS)

KB3008923 (IE9, MS14-080)

KB2553154 (Office 2010, ActiveX)

KB3011970 (Silverlight)

 

UNINSTALL:

wusa /uninstall /kb:3004394 /quiet /norestart
wusa /uninstall /kb:3008923 /quiet /norestart
wusa /uninstall /kb:2553154 /quiet /norestart
wusa /uninstall /kb:3011970 /quiet /norestart

Tags:

WSUS