How to handle Windows update errors

Hello guys:

I’m trying to patch my Windows servers by using an until loop, so Ansible can keep patching and rebooting while needed. This is my code:

```yaml
- name: Apply patches
  win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups
    reboot: yes
    reboot_timeout: 2400
  register: updates
  vars:
    # WinRM timeouts for this task only
    ansible_winrm_operation_timeout_sec: 120
    ansible_winrm_read_timeout_sec: 150
  # "1 == 2" is always false, so this condition never marks the task as failed
  failed_when:
    updates.failed_update_count is defined and
    updates.failed_update_count > 0 and
    1 == 2
  # Retry until a run returns no msg and installs no updates
  until: updates.msg is not defined and updates.installed_update_count == 0
  retries: 10
```

I don’t know how many times Windows will need to be rebooted, so I assumed 10 as the maximum. I noticed that Ansible rebooted once and continued patching. However, I started to see these messages:

TASK [os-update : Apply patches] *****************************************************************************************************************************************************
FAILED - RETRYING: Apply patches (10 retries left).
FAILED - RETRYING: Apply patches (9 retries left).


FAILED - RETRYING: Apply patches (1 retries left).
ok: [1.2.3.4]

PLAY RECAP **************************************************************************************************************************************************************************************
1.2.3.4 : ok=9 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0

I would guess no more patches were pending and no reboot was required. However, when I open Windows Update on my server, I can see a message that states “Restart your PC to finish installing updates”. If I click on “Check for updates” to see if there are pending patches to be applied, I get the message “You’ll need to restart your PC to finish installing previous updates”.

As per my code, wasn’t Ansible supposed to reboot the server if needed after patching? I confirm that it did reboot just once, but it seems Ansible isn’t detecting the need to reboot for the 2nd time.

How can I see the details of these “FAILED - RETRYING” notifications?

I hope someone can help me. Thanks in advance.

I just wanted to chime in that I have this same question and to hopefully bring some attention to this since it’s been a few months. I’m honestly starting to think that maybe this is a bug and should be reported on GitHub and that this module doesn’t actually support retries…

My Ansible code is similar except I’m doing retries to catch patching failures, not specifically for reboots.

```yaml
- name: Install all updates except preview releases
  win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups
      - Application
      - DefinitionUpdates
      - Updates
      - Tools
      - ServicePacks
    reboot: yes
    state: installed
    reboot_timeout: 7200
    # Skip updates whose title matches this pattern
    blacklist:
      - "..Preview of.."
    log_path: c:\Windows\TEMP\ansible_patching.log
  register: updates_install
  # Re-run the task up to 3 times until it reports success
  retries: 3
  until: updates_install is succeeded
```

This fails if any updates require a reboot with error:

msg: A reboot is required before more updates can be installed