Windows Update works?

[KM]

Hi,

I just wanted to bring up the old issue with Windows Update service on XPe
devices. If I recall it correctly, Microsoft has declared WU should not work
on XPe and the problem was on WU server side which did not recognize XPe
clients. Is it right?

I've been recently playing with a few XPe/SP1 images and for all the images
I was able to run Windows Update control from v4.windowsupdate.microsoft.com
without problems. I was testing the images on two machines (Desktop and
Laptop) and on both they ran and analyzed the systems perfectly. The only
problem was about version of windows reported to WU (e.g., "Windows XP SP1"
update was listed there although my image is SP1-based) but CSDVersion
registry value fixed that.

I was able to install most of the critical and recommended updates on my
image. Even DX9, WMP9, .Net framework 1.1 and some app and driver updates
(my machines specific) were installed fine (I haven't tested them completely
but just sniffed them with some run tests).

Only a few updates listed below failed to install on the XPe images:
Security Update for Microsoft Windows XP (KB828035)
Update Rollup 1 for Microsoft Windows XP (KB826939)
Security Update for Microsoft Windows (KB824141)
Security Update for Windows XP (819696)
Update for Windows Media Player Script Commands (KB828026)
Update for Microsoft Windows XP (KB826942)
Update for Jet 4.0 Service Pack 8 (KB829558)
Recommended Update for Windows XP SP1 (KB822603)
Windows Error Reporting: Recommended Update (Windows XP)
820291: Recommended Update (Windows XP)
814995: Recommended Update
Q322011: Recommended Update
327979: Recommended Update

Their binaries were downloaded locally, though. I ran a couple of the failed
updates manually (launched appropriate exe's) and they all were failing on
"system inspecting" phase with the error message: "Setup could not verify
the integrity of the file Update.inf. Make sure the Cryptographic service is
running on the computer.". Of course, Cryptographic service was running on
the image.

Anyway.. a couple of questions to MS guys:
1. Has MS recently changed WU server to recognize XPe device since it
obviously works now?
2. Does WU now work in XPe environment? If so, it would be a great news for
us.
However, why the updates listed above failed to install? Any missing
registry or file? Will this be fixed in future and if so, when?

Thanks,
KM

 

[Andy Allred [MS]]

No, WU it's still not supported. I've tested it extensively as well, the
results are erratic and sometimes cause versioning issues as well as
*dependency* issues since WU has no way of determining whether a new reg or
file dependency was introduced in a fix. You're likely testing on your
experimental runtime that adds most every component, which is not a
realistic runtime since it has virtually all features added. WU servers make
no distinction between Pro and Embedded which can have disastrous results
when applying changes to an *real* embedded device.

In any case, stay tuned over the course of the next 6 months there will more
much news on new methods of to apply changes besides DUA, especially for
SP2. This includes running Pro QFEs from the desktop of your embedded device
and I'm looking into SUS 2.0 for XPe as well.

Andy

 

[KM]

Andy,

You were almost right that I tested WU on my extremely big image that has
all software components. I did use XPProEmulation slx. However, I posted
those results only after I have played with a few images including smaller
ones. E.g. my last image was ~170Mb. It had WMP and DX included, though.
Anyway, I was able to repro WU stable work on the image and the result was
pretty much the same over all my images (Winlogon based!).
..Net, DX, WMP, IE, OE and other software and driver updates were installed
properly and smothly. The following updates always fail:
Security Update for Microsoft Windows XP (KB828035)
Update Rollup 1 for Microsoft Windows XP (KB826939)
Security Update for Microsoft Windows (KB824141)
Update for Windows Media Player Script Commands (KB828026)
Update for Microsoft Windows XP (KB826942)
Update for Jet 4.0 Service Pack 8 (KB829558)
Recommended Update for Windows XP SP1 (KB822603)
Windows Error Reporting: Recommended Update (Windows XP)
820291: Recommended Update (Windows XP)
814995: Recommended Update
Q322011: Recommended Update
327979: Recommended Update

Note that "Security Update for Windows XP (819696)" update sometimes fails,
sometimes not (I couldn't catch what's preventing it from installing).

Anyway.. the point is that WU partually and consistantly work (at least on
my WinLogon images ).
WU has always been a great XP feature helping IT and end users to keep thier
machines "alive" (up-to-date). I guess almost everyone got used the feature
and it would be great to have it on XPe (even if some updates gracefully
fail becuase of some missing components).

This all is not a complain but rather a feature request for SP2 or whatever
is in the future of XPe.
Thanks,
KM

 

[Andy Allred [MS]]

I understand where you're coming from Konstantin, but to tell the truth it
was probably a mistake to even make those components visible because of the
dependency problem it raises.

You see, WU was not architected to have an understanding of the dependency
relationship between features or files or registry keys, so if a QFE patches
a binary that introduces a new API call to another file that did not
previously exist in the dependency relationship, the machine could become
unstable immediately. All this is because WU was designed and implemented
well *before* XPe.

The fact that some high level testing of those QFEs you list below showed no
instability doesn't mean that the feature works properly. Some complex
features like DirectX may appear to be good on the surface, but if you
haven't exercised 100% of the DX functionality and preformed stress tests on
it then how do you know your experiment actually worked? We don't know, the
DX team would be able to tell for sure, but the IT admin in the field that
inadvertently hoses his Kiosk may not know until it's too late.

I'm on your side here, i wish this could work, but I'm afraid until WU has
the ability to analyze the device, determine what features are installed and
make a decision as to which QFEs can be installed and which can not, I
wouldn't trust this method at all.

Note that for Longhorn we have grand plans here, so if you have feedback on
how this should be done, please let me know. Or once Jon and I get my bug
report web interface in place, that would be a great opportunity to have
your voice heard by the entire product team instead of just me <grin>

 

[KM]

Andy,

Thanks for replying me here.

I probably got into a passion when I mentioned updates for such features
like DX, WMP and .Net. I absolutely agree with you that "patching"
(updating) these components (even existing) on an XPe image may make device
unstable. Even IT (I shouldn't mention end users at all!) is unlikely able
to test the features (apps, app layers, etc.) completely. I believe this is
only MS responsibility and possibility since it is your products.

However, I (and many others, as I heard) was more concerned about security
patches. Most of the critical updates (if not all ot them) get installed by
executing downloaded exe. WU itself is just a good, easy to use service
responsible for scheduling , downloading and launching those updates, right?
Basically, the update exe's have to inspect the image on the
binaries&registries patched under the fixes. E.g., if WU launch an update
that patches IE and the update exe does not see IE in the image, it won't
patch it and WU log file will reflect that. The point is that WU does not
have to have the ability to analyze the device but the update exe's should
determine is their updates are applicable to the device.
The best thing about WU is that it is the easiest and fastest way to get
devices up-to-date. Even though it is still a bit risky to patch some app or
system components with critical updates it may sometimes be better than have
a security hole (like MS Blaster) that may completely screw an entire
network of the devices down. Also, my believe is that any patch (WU-based or
any other) for XPe device carries more risk than the same patch for XP Pro
since MS won't be able to test the patch on thousand different existing XPe
devices.

And again, the web site to post our opinions on the product features would
be a great way to speed up the process

Thanks for the dialog,
KM