Microsoft Windows Server 2012 R2 Standard x64 Clients fail to be targeted by any Microsoft Software Updates released in 2015.

• Patch Compliance Reports display compliance for only 12-18 Microsoft Software Updates

Microsoft Windows Server 2008 R2 Standard x64 Clients fail to be targeted by any Microsoft Software Updates released in 2014.

• Patch Compliance Reports display compliance for only 1-2 Microsoft Software Updates

Microsoft Windows Server 2008 (not R2) fail to be targeted by any Microsoft Software Updates released in 2014.
 

Patch Management.

This is also applicable to Data Loss Prevention.

Windows Server

For Windows Server 2008 R2 and 2012 R2 there is a prerequisite Software Update (KB2919355) that needs to be installed to the Operating System prior to targeting for any of the recently released Microsoft Software Updates. Patch Management is unable to target for KB2919355 because a newer update (KB2989647) supersedes its own prerequisite (KB2975061).

Research found main cause outlined in https://support.microsoft.com/en-us/kb/2919355 as it details the following under 'Introduction' in paragraph two: Important All future security and non security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require this update to be installed. We recommend that you install this update on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer in order to receive continued future updates.

One scenario may be that clearcompressionflag.exe was already run, and some of the required KB's were installed, but the rest of the KB's would not install, allowing this issue to be fixed.

Note: Patch Management Solution is working as designed, for even the Windows Update Tool runs and coincides with the Compliance Reports, so the Operating System is not even able to become applicable to the 2015 Microsoft Software Updates on the OS level until that prerequisite is installed.

Additional findings for Windows Server 2008 R2 Standard x64; Clients are not targeted by Software Updates as their Operating System (OS) is End-of-Life (EOL) per Microsoft and only current updates will target once the supported Service Pack (SP) of that OS is installed.

For Windows Server 2008 (not R2) the operating system must be upgraded to Windows Server 2008 SP2 before recent updates will be applicable.

For Windows Server 2008 or Windows Server 2008 SP1 computers the issue can be resolved by upgrading the operating system to Windows Server 2008 SP2. Patch Management bulletin SBSP-Windows6.0-KB948465 might do this but it has not been confirmed.

For Windows Server 2008 R2 computers the issue can be resolved by deploying bulletin SBSP-windows6.1-KB976932 (used to be SBSP-windows2008R2-KB976932) through Patch Management.

Review https://support.microsoft.com/en-us/kb/2919355 for more details or install the following Software Updates:

• KB2919442 or KB2975061- Servicing Stack Update (prerequisite for KB2919355 below, KB2975061 is newer and superseded KB2919442 but either works)
• KB2919355 - Operating System Update (outlined in 'Cause' section above, the download will also come with clearcompressionflag.exe which should be run first)

If that solution does not work run Windows Update or manually download and install the following Microsoft Software Updates (these are prerequisites for all later updates):

Note: Patch Management is unable to target compliance for EOL OS's: Once these currently supported Service Packs are installed; the current vulnerable updates will be applicable in Compliance Reports.

Applies To

Patch Management 7.x & 8.x