Microsoft pulls Windows 8.1 Update from WSUS servers

Microsoft released the Windows 8.1 Update to the general public on Tuesday, but an issue has since been discovered with the download that affects some clients connected to Windows Server Update Services (WSUS) servers.

In a blog post, Microsoft said the problem affects some PCs which caused them to stop scanning against WSUS 3.0 SP2 or WSUS 3.2 servers which are configured to use SSL and have not enabled TLS 1.2. The blog does offer a workaround for WSUS 3.2 running on Windows Server 2003 and 2008 that involves disabling HTTPS on WSUS. Windows Server 2008 R2 servers can also enable TLS 1.2 as another workaround for this problem.

Microsoft added:

You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue.

The Windows 8.1 Update is supposed to be mandatory for current Windows 8.1 users but this bug actually prevents clients that use WSUS from getting any further updates. Microsoft says they are working on a patch that will fix this issue and will release it "as soon as possible".

Thanks to Neowin reader "Top Qat" for the tip!

Source: Microsoft

Note: This does not affect consumers who update via Windows Update.

Report a problem with article
Previous Story

European Court of Justice deems Data Retention Law invalid

Next Story

Satya Nadella's next speaking event is April 15th, focus on big data

35 Comments

Commenting is disabled on this article.

Oh come on, this can't be an issue.

All of the anti-Win8 people on this site will tell you, no one in the enterprise is using Win8.

/S

Good to see the update pulled until issues are resolved.

Breach said,
From a release management perspective this update has been a huge mess.

My issue really is the lack of consistency with patching Windows, and just the difficulty of getting clear information about the update. I've had to scrat around on blogs and ask on tech forums - I just want to get the information, clearly and concisely from Microsoft, on a single portal / website with the answers to any and all questions.

Can someone update this article to point out that this doesn't affect consumers so people can stop posting crap in this thread?

I initially cringed as we do run our Windows Update server over HTTPS - though thankfully I'd updated our corporate WSUS Server to WSUS 4.0 on Windows Server 2012 R2. Doesn't seem to be causing my Windows Server 2012 R2 'clients' a problem - though I did indeed have to get the update down from the Windows Catalog, as it wasn't available for approval on Windows Update itself.

So far I'm pleased to say the 'Update' seems to be going on pretty smoothly but is taking about an hour to install on each of the systems I've tested.

It took about 45 minutes on my desktop for some reason. I went to take a walk and it was done when I returned. It didn't take very long at all on my Surface Pro 2 though.

I still had to update KB ending in 155 (after 25 updates before it and a reboot) and it was quick, it must have skipped a bunch from the leak update I installed then.

Enron said,
It took about 45 minutes on my desktop for some reason. I went to take a walk and it was done when I returned. It didn't take very long at all on my Surface Pro 2 though.

Solid state on installation helped maybe?

I guess worth mentioning in my case these are Windows Server 2012 R2 Virtual Machines, each with 2 vCPU's (on admittedly slow 2.2GHz AMD Opteron HE processors) and 3GB of RAM however the system is backed by enterprise class SAN storage. The system remained fairly usable throughout the installation however as CPU/memory/storage were not hammered whilst the update installed.

I put it on about 5 servers all told this afternoon - always took about an hour, but seemed absolutely fine afterwards. Still seem to be checking in to our WSUS server OK too thankfully so we think we're going to look to get the update rolled out in the next week or two.

I updated my desktop yesterday and it's purring like a kitten considering it was built in 2007 for Vista.

CPU - Quad Core Q9300 2.5GHZ
8GB RAM
64BIT
NVIDIA GeForce 9800TG 500MB
24 INCH HP Monitor 1920x1200
Four 2 terabyte drives

Sadly 2014 I'll be getting rid of this past beast for something better.

Your configuration looks fine to me. But if you do need to upgrade, I only see the CPU and graphics card as worthy candidates for an upgrade. Hail upgradable computers!!

If it's 2007 machine, it will have DDR2 RAM and I doubt the old motherboard will accept current Intel CPU's. So he will have to replace CPU, RAM, Motherboard, GPU...

He can keep the display and the HDD's... :-D

So it's actually not so hot with the "upgradeable computer" if you have to replace basically everything. And I don't remember anytime in the past where you could do some major PC upgrade and not to replace the whole thing.

I didn't install the leak but the version from MSDN and still had the update show up and install (On 3 machines). 1.7gb of updates per machine, lucky I'm on fibre.

I used the leak update to update my Win8. I just checked for updates and Update 1 was listed again officially from MS. So I DLed it again.

We have WSUS at work but only 3 people on Win8. Not a big deal for us but glad the issue was caught.

Hah! Many thanks to all hasty users wich updated to the "final" Update release. Your feedback is invaluable lol.
This is why I always wait a few months before upgrading.

Decebalvs Rex said,
Hah! Many thanks to all hasty users wich updated to the "final" Update release. Your feedback is invaluable lol.
This is why I always wait a few months before upgrading.

So you are using WSUS on your server configured to use SSL instead of TLS 1.2 in your organization?

My comment highlights general issues due to bad testing, rushed updates. When it comes to servers, business and organizations things should be rock-stable.

Decebalvs Rex said,
My comment highlights general issues due to bad testing, rushed updates. When it comes to servers, business and organizations things should be rock-stable lad.

True, but businesses should do their own testing as well. We have a test group all updates are rolled out to first. Then after a week or so with no problems, we roll them out to the rest.

Decebalvs Rex said,
My comment highlights general issues due to bad testing, rushed updates. When it comes to servers, business and organizations things should be rock-stable.

the issue relates to a very specific kind of setup involving WSUS server on site configured to use ssl for client connections AND not using TLS 1.2.

the effected audience for this will be very small, and its an issue for the it dept not end users.

I worry that if everyone thought to wait MONTHS then the problems would NOT be found ... FOR MONTHS! I agree for critical business items, you want to be causious but there are times when you want to / need to take a risk!

Decebalvs Rex said,
My comment highlights general issues due to bad testing, rushed updates. When it comes to servers, business and organizations things should be rock-stable.

You do realise it's practically impossible to test for every single eventuality?