Updating Windows 10

Hello, I am trying to install windows updates with Ansible and for some reason it is not working. This is what I have so far.

My playbook:

This is the results after the play runs:

Then when I go to the windows 10 machine this is what I see when i look at the updates:

I am not sure if I maybe am not covering the correct category or what. I have also tired to upgrade a 1803 windows 10 to 1909 with no avail. Can anyone help me with getting ansible to be able to update windows.

The account I am using is a admin on the windows 10 machine. I also have another play book that uses the win_chocolatey module to install Apps and it installs them fine. So, I don’t think this can be a permission issue.

Disable windows updates from os end if you plan to do it from ansible

os end more likely the output is of last scan

So if you scan post ansible deployment you try scan on os end it will show no updates needed

Also depends on what all categories you selected from ansible end

Reboot is neeeded typically post deployment

So test those things

When you say disable windows updates from the OS. Do you mean go in to the windows services and disable the Windows Update service? If you are not referring to this I am not sure what you mean by disable windows updates. I though it needed the windows update service to be started to install updates.

If you run with a higher verbosity (usually -vv or more) then the output from the win_updates task will be shown. This output will contain a list of all the updates that were matched on the criteria as well as any updates that were available but didn’t match the criteria specified (filtered). It’s these filtered updates you need to look at and see why they are filtered out, typically it’s because none of the categories for that update match what was specified.

I also forgot to mention that the module sources all the updates from the Windows update api. If it doesn’t appear at all in either the selected or filtered list then windows did not detect any update as being available. If you are running a WSUS server the Windows host could be configured to use that as the source. If the WSUS hasn’t advertised the update the win_updates will not be able to find it.

Hello Jordan,

I think the categories are messing with me a bit. I thought updating windows to 1909 or the 2004 update was on the upgrade’s category. But when I look at the Microsoft Update Catalog for Update Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4524570) Classification is Security Updates.

However, I use a playbook for finding all the updates. This is the play book that has all the categories I could find:

I was not able to attache a text file so here is the contents of them. The first one ins what I ran before trying to install any updates. The second file is what I get after trying to install the updates:

First File:

2020-07-27 09:20:56Z WUA is available in current logon process, running natively
2020-07-27 09:20:56Z Creating Windows Update session…
2020-07-27 09:20:56Z Create Windows Update searcher…
2020-07-27 09:20:56Z Setting the Windows Update Agent source catalog…
2020-07-27 09:20:56Z Requested search source is ‘default’
2020-07-27 09:20:56Z Search source set to ‘default’ (ServerSelection = 0)
2020-07-27 09:20:56Z Searching for updates to install
2020-07-27 09:21:11Z Found 11 updates
2020-07-27 09:21:11Z Creating update collection…
2020-07-27 09:21:11Z Adding update 3b80c9f0-1416-4f38-bc39-e68ec91b71fa - Update for Adobe Flash Player for Windows 10 Version 1809 for x64-based Systems (KB4462930)
2020-07-27 09:21:11Z Adding update b885d48a-be89-4b3b-9e02-66896c88b568 - Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153)
2020-07-27 09:21:11Z Adding update 62afbd9b-097b-4300-9e4d-275c9a35be2c - Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10)
2020-07-27 09:21:11Z Adding update 2221dd34-39bb-4f16-b320-be49fe4a6b95 - Windows Malicious Software Removal Tool x64 - v5.82 (KB890830)
2020-07-27 09:21:11Z Adding update d7788cdf-043f-4920-a066-d5aa76366ce5 - 2020-01 Update for Windows 10 Version 1809 for x64-based Systems (KB4494174)
2020-07-27 09:21:11Z Adding update f0373bed-690d-454b-898d-e5a20a4e4f90 - 2020-06 Security Update for Adobe Flash Player for Windows 10 Version 1809 for x64-based Systems (KB4561600)
2020-07-27 09:21:11Z Adding update 574c4e34-7a64-4d62-a90d-62818c403ae0 - Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10)
2020-07-27 09:21:11Z Adding update 9add809d-6ff7-41cc-b891-2fe92d2aa759 - 2020-07 Cumulative Update Preview for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4567327)
2020-07-27 09:21:11Z Adding update b189e214-800b-46f6-8d32-fae39d1ec62a - Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.2408.0)
2020-07-27 09:21:11Z Adding update 75be4a80-6464-4d06-b0b7-fdc57c1762bf - 2019-12 Update for Windows 10 Version 1809 for x64-based Systems (KB4023057)
2020-07-27 09:21:11Z Adding update ac2b20ab-6186-4267-8d55-4b3ca35197d1 - Feature update to Windows 10, version 1909
2020-07-27 09:21:11Z Calculating pre-install reboot requirement…
2020-07-27 09:21:11Z Check mode: exiting…
2020-07-27 09:21:11Z Return value:
{
“updates”: {
“2221dd34-39bb-4f16-b320-be49fe4a6b95”: {
“categories”: [
“Update Rollups”,
“Windows 10”,
“Windows 10 LTSB”
],
“title”: “Windows Malicious Software Removal Tool x64 - v5.82 (KB890830)”,
“id”: “2221dd34-39bb-4f16-b320-be49fe4a6b95”,
“installed”: false,
“kb”: [
“890830”
]
},
“62afbd9b-097b-4300-9e4d-275c9a35be2c”: {
“categories”: [
“Microsoft Defender Antivirus”,
“Updates”
],
“title”: “Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10)”,
“id”: “62afbd9b-097b-4300-9e4d-275c9a35be2c”,
“installed”: false,
“kb”: [
“4052623”
]
},
“9add809d-6ff7-41cc-b891-2fe92d2aa759”: {
“categories”: [
“Updates”,
“Windows 10”,
“Windows 10 LTSB”
],
“title”: “2020-07 Cumulative Update Preview for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4567327)”,
“id”: “9add809d-6ff7-41cc-b891-2fe92d2aa759”,
“installed”: false,
“kb”: [
“4567327”
]
},
“d7788cdf-043f-4920-a066-d5aa76366ce5”: {
“categories”: [
“Updates”,
“Windows 10”
],
“title”: “2020-01 Update for Windows 10 Version 1809 for x64-based Systems (KB4494174)”,
“id”: “d7788cdf-043f-4920-a066-d5aa76366ce5”,
“installed”: false,
“kb”: [
“4494174”
]
},
“b189e214-800b-46f6-8d32-fae39d1ec62a”: {
“categories”: [
“Definition Updates”,
“Microsoft Defender Antivirus”
],
“title”: “Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.2408.0)”,
“id”: “b189e214-800b-46f6-8d32-fae39d1ec62a”,
“installed”: false,
“kb”: [
“2267602”
]
},
“75be4a80-6464-4d06-b0b7-fdc57c1762bf”: {
“categories”: [
“Critical Updates”
],
“title”: “2019-12 Update for Windows 10 Version 1809 for x64-based Systems (KB4023057)”,
“id”: “75be4a80-6464-4d06-b0b7-fdc57c1762bf”,
“installed”: false,
“kb”: [
“4023057”
]
},
“574c4e34-7a64-4d62-a90d-62818c403ae0”: {
“categories”: [
“Definition Updates”,
“Microsoft Defender Antivirus”
],
“title”: “Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10)”,
“id”: “574c4e34-7a64-4d62-a90d-62818c403ae0”,
“installed”: false,
“kb”: [
“4052623”
]
},
“f0373bed-690d-454b-898d-e5a20a4e4f90”: {
“categories”: [
“Security Updates”,
“Windows 10”,
“Windows 10 LTSB”
],
“title”: “2020-06 Security Update for Adobe Flash Player for Windows 10 Version 1809 for x64-based Systems (KB4561600)”,
“id”: “f0373bed-690d-454b-898d-e5a20a4e4f90”,
“installed”: false,
“kb”: [
“4561600”
]
},
“b885d48a-be89-4b3b-9e02-66896c88b568”: {
“categories”: [
“Feature Packs”,
“Windows 10”
],
“title”: “Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153)”,
“id”: “b885d48a-be89-4b3b-9e02-66896c88b568”,
“installed”: false,
“kb”: [
“4486153”
]
},
“3b80c9f0-1416-4f38-bc39-e68ec91b71fa”: {
“categories”: [
“Updates”,
“Windows 10”
],
“title”: “Update for Adobe Flash Player for Windows 10 Version 1809 for x64-based Systems (KB4462930)”,
“id”: “3b80c9f0-1416-4f38-bc39-e68ec91b71fa”,
“installed”: false,
“kb”: [
“4462930”
]
},
“ac2b20ab-6186-4267-8d55-4b3ca35197d1”: {
“categories”: [
“Upgrades”
],
“title”: “Feature update to Windows 10, version 1909”,
“id”: “ac2b20ab-6186-4267-8d55-4b3ca35197d1”,
“installed”: false,
“kb”: [
“4560960”
]
}
},
“found_update_count”: 11,
“changed”: false,
“reboot_required”: false,
“installed_update_count”: 0,
“filtered_updates”: {

}
}
2020-07-27 09:21:11Z Native job completed with output:
Name Value


updates {2221dd34-39bb-4f16-b320-be49fe4a6b95, 62afbd9b-097b-4300-9e4d-275c9a35be2c, 9add809d-6ff7-41cc-b891-2fe92d2aa759, d7788cdf-043f-4920-a066-d5aa76366ce5…}
found_update_count 11
changed False
reboot_required False
installed_update_count 0
filtered_updates {}

Second file:

2020-07-27 11:09:37Z WUA is available in current logon process, running natively
2020-07-27 11:09:37Z Creating Windows Update session…
2020-07-27 11:09:37Z Create Windows Update searcher…
2020-07-27 11:09:37Z Setting the Windows Update Agent source catalog…
2020-07-27 11:09:37Z Requested search source is ‘default’
2020-07-27 11:09:37Z Search source set to ‘default’ (ServerSelection = 0)
2020-07-27 11:09:37Z Searching for updates to install
2020-07-27 11:09:41Z Found 3 updates
2020-07-27 11:09:41Z Creating update collection…
2020-07-27 11:09:41Z Adding update b885d48a-be89-4b3b-9e02-66896c88b568 - Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153)
2020-07-27 11:09:41Z Adding update 733586b1-2335-40ff-8ff4-86da119d371f - Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.2413.0)
2020-07-27 11:09:41Z Adding update ac2b20ab-6186-4267-8d55-4b3ca35197d1 - Feature update to Windows 10, version 1909
2020-07-27 11:09:41Z Calculating pre-install reboot requirement…
2020-07-27 11:09:41Z Check mode: exiting…
2020-07-27 11:09:41Z Return value:
{
“updates”: {
“733586b1-2335-40ff-8ff4-86da119d371f”: {
“categories”: [
“Definition Updates”,
“Microsoft Defender Antivirus”
],
“title”: “Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.2413.0)”,
“id”: “733586b1-2335-40ff-8ff4-86da119d371f”,
“installed”: false,
“kb”: [
“2267602”
]
},
“b885d48a-be89-4b3b-9e02-66896c88b568”: {
“categories”: [
“Feature Packs”,
“Windows 10”
],
“title”: “Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153)”,
“id”: “b885d48a-be89-4b3b-9e02-66896c88b568”,
“installed”: false,
“kb”: [
“4486153”
]
},
“ac2b20ab-6186-4267-8d55-4b3ca35197d1”: {
“categories”: [
“Upgrades”
],
“title”: “Feature update to Windows 10, version 1909”,
“id”: “ac2b20ab-6186-4267-8d55-4b3ca35197d1”,
“installed”: false,
“kb”: [
“4560960”
]
}
},
“found_update_count”: 3,
“changed”: false,
“reboot_required”: true,
“installed_update_count”: 0,
“filtered_updates”: {

}
}
2020-07-27 11:09:42Z Native job completed with output:
Name Value


updates {733586b1-2335-40ff-8ff4-86da119d371f, b885d48a-be89-4b3b-9e02-66896c88b568, ac2b20ab-6186-4267-8d55-4b3ca35197d1}
found_update_count 3
changed False
reboot_required True
installed_update_count 0
filtered_updates {}

Based on your output it’s finding the update, it’s just not being installed because you have ‘state: searched’. The behaviour here is correct as you’ve asked to just search for updates and not install them.

As for the categories I can’t really tell you why the update catalogue is reporting another one. We take in whatever the update API is reporting and this problem is the whole reason why we added the filtered_updates list.

Hi jbor...@gmail.com,

That playbook was not meant to install updates its only meant to fine what updates need to be installed. I have a different playbook for actually installing them. Which is this one:

`

Does anyone know if I can go to the Windows Update Catalog and just download the 1909 or 2004 update ISO and have ansible install the update from that?

If it’s not finding the update when state: installed then share the verbose module output in that case to figure out why the module is filtering the update. Have a look at your categories with your state: installed example, I don’t think it’s the problem but you should change that from a list literal on a newline to the yaml format

category_name:

  • Security Updates
  • Critical Updates
  • Updates
  • etc

As for your last question you can do that, you just need to use become on the task when calling wusa.exe to install the update. It should be needed though.

Hello.

So this is the playbook now have:

(attachments)

My end goal it actually not to install all teh windows updates. I am just wanting to upgrade windows 10 boxes to 1909 and the 2004 updates. I am trying to get a group of Windows 10 PC of 5-10 and run a upgrade playbook and install the 1909 and the 2004 update after hours when the users are not at there PCs.

I still don’t fully see the issue, the first call to win_updates found 4 updates and no updates were filtered. The screenshot you shared show that 4 updates were available which matches the 4 that are in log. Based on the logs it was run in check mode so it didn’t actually install the updates (similar to state: searched).

The 2nd snippet you had showed it not only installed 4 updates but it also rebooted the host and came back without any errors and continued onto your next task. No updates were filtered so there are no more available updates for that host. Are you saying that when you log back into that same host and check for updates they aren’t installed and are still available? If you were to check for updates again in win_updates will they still appear again?

So here is an issue I am having I am trying to get the Feature update to windows 10 version 1909 installed using Ansible. When I go to Update & Security this is what I see:

Then I run this playbook to install that update, and this is the outcome.

Playbook:

I’ve spent a few hours today to try and track down this problem but unfortunately I’ve come up short. I’ve opened up an issue for this problem [1] but I don’t have a fix for it sorry.

No matter what I search for I’m just not able to get the Windows Update API when using it directly to report on any feature updates that are available which makes me suspect it’s not handled by that API at all. The only workaround I know is to download the update files and call the .exe through something like win_command.

[1] - https://github.com/ansible-collections/ansible.windows/issues/87

Hello, I have been trying figure out away to do that. I have already downloaded the update and extracted the ISO so i now have a setup.exe file. I have been trying to use Powershell to install it then call that Powershell script from my ansible playbook. But have not been able to get it to work I keep getting an error saying the /s or /silent is not a valid argument.

I will give the win_command module a try. I will let you know if I can get it to work.