Error Installing Windows Server Updates with Ansible #589
Comments
Is a very problematic update where I've found Microsoft release a new patch roughly every hour and 1/3 times is extremely problematic with trying to install. The following code was recently added with 9bb5483 and is part of the ansible.windows 2.1.0 release. ansible.windows/plugins/modules/win_updates.ps1 Lines 1937 to 1958 in c207ed4 What the code does is detect if the Windows Update API failed to install that specific KB and use a workaround process using |
|
If you are on Server Core, there is a fix from Microsoft If you are on Server full you need to increase the size of the winre parition from the default size. |
SUMMARY
Hi everyone,
I'm trying to automate Windows Updates on my servers using Ansible. I created a dedicated Administrator user on the machine to run updates with Ansible.
The updates start, but they don't install. I always get an error. I've tried on multiple installations, but the result is always an update error. However, I haven't seen this issue with Windows 11, for example, only with the Server version.
If I start this updates manually with Windows Update is going to install without problems.
ISSUE TYPE
COMPONENT NAME
win.update
ANSIBLE VERSION
ansible 2.10.8
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Windows Server 2022
STEPS TO REPRODUCE
name: Update Windows
hosts: windows
tasks:
win_updates:
category_names:
- SecurityUpdates
- CriticalUpdates
- UpdateRollups
log_path: C:\log.txt
EXPECTED RESULTS
ACTUAL RESULTS
TASK [Install all security updates with automatic reboots] *********************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Invoke-WithPipeOutput, : line 1005
fatal: [dc2.auxbit.it]: FAILED! => {"changed": true, "failed_update_count": 1, "filtered_updates": {"ea67cabb-aaf1-4482-a9aa-d6048b7bc15f": {"categories": ["Definition Updates", "Microsoft Defender Antivirus"], "downloaded": false, "filtered_reason": "category_names", "filtered_reasons": ["category_names"], "id": "ea67cabb-aaf1-4482-a9aa-d6048b7bc15f", "installed": false, "kb": ["2267602"], "title": "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.405.802.0) - Current Channel (Broad)"}}, "found_update_count": 1, "installed_update_count": 0, "msg": "Failed to install all updates - see updates for more information", "reboot_required": false, "rebooted": false, "updates": {"a8a2d6e3-c6dc-4eb8-bcfb-8c8c7d947899": {"categories": ["Microsoft Server operating system-21H2", "Security Updates"], "downloaded": false, "failure_hresult_code": 2147944003, "failure_msg": "Unknown WUA HRESULT 2147944003 (UNKNOWN 0x80070643)", "id": "a8a2d6e3-c6dc-4eb8-bcfb-8c8c7d947899", "installed": false, "kb": ["5034439"], "title": "2024-01 Security Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5034439)"}}}
or the Event Viewer of Windows is writing this:
Installation Failure: Windows failed to install the following update with error 0x8024200B: 2024-01 Security Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5034439).
The text was updated successfully, but these errors were encountered: