Windows updates found but not installed

[Andre Gronwald]

hi,

i tried to update some sql-servers with ansible (awx).

overall it worked fine, but some updates (latest sql-server 2016 sp2 and .bnet-framework) werde detected referring to windows updsate logfile but not installed.

whe installing those updates manually on some servers ifound further updates for office that have not been installed.

how can i install those updates by windows update module in ansible? i tried different categories for the update, but it didn't change anything.

any help would be appreciated.

kind regards,

andre

[Dan Linder]

Can you include a simplified playbook showing the steps you're performing?

Were the systems pending a reboot from a previous update?

[Andre Gronwald]

hi,

there should not be a pending reboot, because i rebooted the servers before and tested lots of things.

this is the playbook:

- name: Install Windows Updates

  hosts: all

  tasks:

    - name: Install all security, critical, and rollup updates without a scheduled task

      win_updates:

        category_names:

          - SecurityUpdates

          - CriticalUpdates        

          - ServicePacks

          - UpdateRollups

        server_selection:

           - windows_update

        reboot: yes

        reboot_timeout: 3600

      become: yes

      become_method: runas

      become_user: SYSTEM

[Andre Gronwald]

hi, i had a look into the issue again.

it seems that some updates were filtered because of the categories. that is ok (.net is featurepack). but i don't know why the sql server sp2 gdr wasn't found (https://support.microsoft.com/en-us/help/4532097/description-of-the-security-update-for-sql-server-2016-sp2-gdr-feb)

any idea? manually i was able to install it on the server, it was found immediately when searching for updates.

[Dan Linder]

I'd suggest removing the category_names and server_selection fields and see if the missing patches are applied.  I don't do Windows patching, but it might be that the "sql server sp2 gdr" is in a different category or server selection.

The "category_names" looks like it is a dynamic list that is dependent on the Windows system being patched.  The documentation for the "win_updates" module states that the possible category names can be produced by running the module in "state=searched" - possibly that would help you find a missing category name?

[Andre Gronwald]

When the category is not set the default is used, which is ["CriticalUpdates", "SecurityUpdates", "UpdateRollups"].

will try with state=searched and test if the update is installed with the category set what state=searched gives me.

thanks for your support,

regards,

andre