Windows Update Service Is Required to Install Patches on Windows Vista and Later Windows Operating Systems

Version 9

    Description

     

    Microsoft patches fail to deploy on the following operating systems:

     

    • Windows Vista
    • Windows Server 2008
    • Windows 7
    • Windows Server 2008 R2
    • Windows 8
    • Windows Server 2012
    • Windows 8.1
    • Windows Server 2012 R2
    • Windows 10 (all builds)
    • Windows Server 2016 (all builds)

     

    When attempting to manually run a patch file copied to a target machine in C:\Windows\ProPatches\Patches you receive an error that the Windows Update service was not able to start or is not started.

    You may also see an error return code of 1058 when deploying .msu patches.

     

    Resolution

     

    Windows Vista/2008 changed patching behavior. Windows Vista and later patches are of a file type .MSU and this file type requires the Windows Update Service to be enabled to execute. The Windows update application is not required, but the standalone service handles extraction and execution of MSU patches and must remain enabled. For more details: KB934307 

    The Windows Update service must not be set to 'Disabled'. It does not explicitly need to be started, but it must be enabled. It can be set to 'Manual', 'Automatic-Delayed Start', or 'Automatic'.
    Windows Automatic Updates should be set to never check for updates, please see this document for more information: Best Practice: Windows Automatic Updates

    Affected Products

     

    Shavlik Protect 9.x

    Ivanti Patch for Windows Servers 9.3.x