I tried to install on a virtual 2012 R2 server (Hyper-V) and the Installing ESU Suppressor... message hangs for a long time. I closed the window. Now there are no updates, and if I run ESU installer again, there is only the Exit option. I then edited the cmd file a bit to remove and reinstall the suppressor. But the November 2023 updates are still not coming through Windows Update. Next, I performed a clean installation of the suppressor on another clean virtual server, but the November 2023 updates also did not appear.
@alexhoma @andrea999 BypassESU-Blue only allow to install ESU updates to receive ESU updates through WU you need: WSUS Proxy + KB5017220 + SSU 2023-08 KB5029368 or later
Thanks for the help! I didn’t immediately realize that a WSUS proxy was also needed. After installing the KB5017220 update and WSUS proxy, everything worked on Windows Server 2012 R2. Thanks a lot!
First of all a huge thanks for @abbodi1406 for continuing to be the absolute hero of ESU. So much appreciation. Now it would be great if I could just rid of 2008R2 and 2012R2 machines but that is just not an option (unless mucho money just suddenly drops from the skies). But enough about that... I believe the confusion @alexhoma has is related to the wording of everything related to WSUS Proxy. It says: "Allow Windows 8.1 x64 to receive ESU updates for Windows Server 2012 R2 through Windows Update" This could be understood to mean that it refers to the Windows 8.1 client OS. Even though we know 8.1 is the actual internal version also for the server OS, taken together with the last part of the sentence it would reinforce the thought that it is only needed for client. I too took this to mean that it is only necessary for the client OS and only after I read the whole thread I understood from the replies that it is needed for server OS as well. In order to clear this up and free up our hero's time to reply to confused users I suggest to change this to "Allow Windows 8.1 x64 client & server to [...]" or possibly "Allow Windows 8.1 x64 and Server 2012 R2 x64 to [...]". What say you?
WSUS Proxy was mainly for the clients, didn't know if it will work for Server, or if there were demand from Server users i have updated the description in the posts
I agree with @bluiks suggestions. And one more wish: is it possible to run a WSUS proxy as a service?
I saw the PHP files inside. This makes me wonder if it would be possible to run the proxy on a single dedicated Linux VM instead of installing the proxy on all the Windows 8.1 machines. Hmm.... Edit: or even on the WSUS machine itself, on a separate port of course. Would need to look at what it does exactly - does it depend on being installed on the machine that needs updates. The fact that the DataStore needs to be removed might mean it needs to be installed on the WSUS client.
No, it can be ran on any machine you just need to set the correct network IP instead 127.0.0.1:8530 in Add_wsus scripts
Do all NET Framework updates contain ESU block now ? I remember NET Framework 02-2023 could still be installed without bypass.
I'm having some trouble with this. I'm using modified server variable pointing to my WSUS. I installed BypassESU-Blue first per download post. Starting with a fresh SoftwareDistribution tree doesn't resolve the problem... I checked the KBs were installed using WMIC and even reinstalled with DISM too. Relevant log snippets (URLs modded so this noob can post here): Spoiler: Log snippets SLS Retrieving SLS response from server using ETAG "179GudvIptqnLaOLTQCTrdGx/ZGJz3CDvhJ43f2BDrE=_2880"... SLS Making request with URL <HTTPS to post here>://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=672&L=en-US&P=&PT=0x8&WUA=7.9.9600.19915 EP FATAL: EP: Failed to obtain element node, error = 0x80245002 EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80245002 Agent WARNING: Failed to obtain the authorization cab URL for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, hr=0 .... EP Got WSUS Client/Server URL: "<http to post here>://127.0.0.1:8530/?/ClientWebService/client.asmx" Setup Checking for agent SelfUpdate Setup Client version: Core: 7.9.9600.19915 Aux: 7.9.9600.19915 EP Got WSUS SelfUpdate URL: "<http to post here>://127.0.0.1:8530/?/selfupdate" Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080: Misc Microsoft signed: NA Misc Infrastructure signed: Yes Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\TMPC846.tmp with dwProvFlags 0x00000080: Misc Microsoft signed: NA Misc Infrastructure signed: Yes Setup WARNING: SelfUpdate check failed to download package information, err = 0x80246002 Setup FATAL: SelfUpdate check failed, err = 0x80246002 Agent * WARNING: Skipping scan, self-update check returned 0x80246002 Agent * WARNING: Exit code = 0x80246002 If I enable tracing I get: Misc Performing hash check on file C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab using algorithm SHA256. Misc WARNING: File C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab failed validation. However, downloading a local copy of wsus3setup.cab and running Get-AuthenticodeSignature returns a VALID status.
@abbodi1406, many thanks for that. Just to be clear, I'm running it for a WinServer2012R2 update client against a WSUS 10.0 server (WinServer2019). It ended up being the WSUS Proxy bundled wuident.cab which has: Code: ... [OS3] ... *.*:6.2.0.0.0-6.2.9199.999999.999999=/SKIP *.*:6.2.9200.0.0-6.2.999999.999999.999999=/Win8 *.*:6.3.0.0.0-6.3.9599.999999.999999=/SKIP *.*:6.3.9600.0.0-6.3.999999.999999.999999=/Blue *.*:6.4.0.0.0-=/SKIP ... So i grabbed the vanilla one from WSUS 10.0 which ends with *.*:6.2.0.0.0-=/SKIP and now it SKIPs and then it does successfully detect, download and install the ESU updates. btw, the proxy gives a HTTP status 200 when downloading selfupdate/WSUS3/x64/Blue/wsus3setup.cab, but I presume it gets selfupdate/WSUS3/x64/Other/wsus3setup.cab. Anyway, the SLS run still fails. Also blobs fail to download to src/blobs (there are a couple of 0 byte files in there). Looking in index.php, it looks like this is for selfupdate only anyway. I'm not really seeing what the WSUS proxy is doing to let BypassESU-Blue work. I suspect I had a WinHTTP issue preventing SLS from even starting. Resolving this was coincidental to installing WSUS Proxy. Perhaps the SLS run just needs to start and then fail in order for things to continue. I don't see any proxy intercepts for ClientWebService/client.asmx in index.php either. Also, calls to ReportingWebService/ReportingWebService.asmx via WSUS Proxy don't appear to work (despite HTTP status 200). Setting the intranet update server to connect directly resolves this. I suspect I won't need WSUS Proxy next patch Tuesday... Am I right? In my environment, did I even need it in the first place? Is it just the EditionID needs to be ServerStandard and C:\Windows\SoftwareDistribution be deleted (or equivalent)...? Almost wish I had another 8.1/2012R2 machine to check... 8^d
@quotient That wuident.cab is bundled with WSUS_Proxy_Win80-x64.7z you should use WSUS_Proxy_Win81-x64.7z i don't get any SLS requests in WindowsUpdate.log when WSUS Proxy is used all ClientWebService/client.asmx connections are intercepted, but only SyncUpdates responses are checked and modified ReportingWebService is just generic response (to satisfy real requirement WUStatusServer), it's not really reporting or checking any data
Has anyone managed to install the November updates for Windows 8 or for Windows Server 2012? I had no problems running WSUS Proxy on Windows 8 until the November updates. Running WSUS Proxy detects the November Rollups KB5032247 KB5032342 for both Windows 8 and Windows Server 2012. The updates can be installed however they fail during reboot. They also fail on reboot when I use the Dism add package method. BTW Its a new clean fully updated to Oct 2023 Windows Server 2012 for testing purposes.