Hi.
I am becoming crazy working with Windows Update.
My playbook extract on windows update:
  tasks:
    - name: Create a directory under C:\Temp
      win_file:
        path: C:\Temp\WinUpdLog
        state: directory
      register: win_file

    - name: Check for available updates
      ansible.windows.win_updates:
        category_names: '*'
        reboot: true
        reboot_timeout: 1800
        state: searched

    - name: Install all updates and reboot as many times as needed
      ansible.windows.win_updates:
        category_names: '*'
        state: installed
        log_path: C:\Temp\WinUpdLog\ansible_wu.txt
        reboot: true
        reboot_timeout: 1800
I obtained an error:
FAILED! => {"changed": true, "failed_update_count": 1, "filtered_updates": {}, "found_update_count": 1, "installed_update_count": 0, "msg":
"An update loop was detected, this could be caused by an update being rolled back during a reboot or the Windows Update API incorrectly reporting a failed update as being successful.
Check the Windows Updates logs on the host to gather more information.
Updates in the reboot loop are: f9fcbc6f-5349-4f1f-bc13-2f098ddf9622", "reboot_required": false, "rebooted": true, "updates": {"f9fcbc6f-5349-4f1f-bc13-2f098ddf9622": {"categories":
["Drivers", "Windows Server 2012 R2 and later drivers"], "downloaded": false, "failure_hresult_code": -1, "failure_msg": "Unknown WUA HRESULT -1 (UNKNOWN 0xFFFFFFFF)", "id":
"f9fcbc6f-5349-4f1f-bc13-2f098ddf9622", "installed": false, "kb": [], "title": "Microsoft driver update for Generic / Text Only"}}}
How could I solve this?
Are there any best practices to execute Windows Update?
The reboot loop occurs when the update was installed without an issue but reported a reboot was required. After the reboot when the module went to run again to see if there were more updates available it found the same update to be installed. Instead of just getting stuck constantly installing and rebooting the same update it failed.
As for why this happens it’s something that’s hard to find out unfortunately. Typically what it means is that Windows rolled back the update during the reboot but the win_updates module doesn’t know anything about why. You’ll have to look into the logs for Windows Update to see why that particular update is failing to be installed or just skip it entirely.
    - name: Check for available updates
      ansible.windows.win_updates:
        category_names: '*'
        reject_list:
          - 'Microsoft driver update for Generic / Text Only'
        reboot: true
        reboot_timeout: 1800
        state: searched

    - name: Install all updates and reboot as many times as needed
      ansible.windows.win_updates:
        category_names: '*'
        reject_list:
          - 'Microsoft driver update for Generic / Text Only'
        state: installed
        log_path: C:\Temp\WinUpdLog\ansible_wu.txt
        reboot: true
        reboot_timeout: 1800
but I saw some weird behaviour
I see the updates executed if I check them from PowerShell:
BTW, I don’t see them from Windows Update graphic interface.
Furthermore, if I do manually from the graphic WindowsUpdate button, it executed one more update:
Security intelligence updates for Microsoft Defender Antivirus - KB2267602 (Version 1.421.290.0) - Current Channel (Broad)
Successfully installed on 14/11/2024
The security update KB2267602 is a defender definition update that is released roughly every hour by Microsoft. Each update uses the same KB number so you’ll see times when Ansible installed the older update but Microsoft released a new version meaning it is available again. Not much you can do about that unfortunately.
As for trying to sync the GUI with what Ansible does I cannot help you there unfortunately. I know of no way to try and keep them aligned except wait until whatever internal mechanism is done to do so. If you ever find a way I’m definitely interested to hear it as it’s a common issue people come across.
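An added example, not posted by anyone in this thread and not the module's own code: one way to avoid hard-coding the reject_list shown earlier is to build it from the failed task's result in a rescue section. The block layout and the `wu_reject` variable name are assumptions; the module options are the ones already used above.

```yaml
# Added example. wu_reject is a hypothetical variable name.
- name: Install updates, retry once without the ones that did not install
  block:
    - name: Install all updates and reboot as many times as needed
      ansible.windows.win_updates:
        category_names: '*'
        state: installed
        log_path: C:\Temp\WinUpdLog\ansible_wu.txt
        reboot: true
        reboot_timeout: 1800
  rescue:
    # ansible_failed_result holds the failed task's return values, including
    # the "updates" dictionary visible in the error output above.
    # reject_list entries are treated as regexes, so titles are escaped;
    # this assumes the escaped form is accepted by the regex engine on the host.
    - name: Collect the titles of updates reported as not installed
      ansible.builtin.set_fact:
        wu_reject: >-
          {{ ansible_failed_result.updates | default({}) | dict2items
             | map(attribute='value')
             | rejectattr('installed')
             | map(attribute='title')
             | map('regex_escape')
             | list }}

    - name: Stop if the failure was not tied to a specific update
      ansible.builtin.fail:
        msg: "win_updates failed without naming an update: {{ ansible_failed_result.msg | default('no message') }}"
      when: wu_reject | length == 0

    - name: Record what is being skipped so it can be followed up
      ansible.builtin.debug:
        msg: "Skipping on {{ inventory_hostname }}: {{ wu_reject }}"

    - name: Install the remaining updates
      ansible.windows.win_updates:
        category_names: '*'
        reject_list: "{{ wu_reject }}"
        state: installed
        log_path: C:\Temp\WinUpdLog\ansible_wu.txt
        reboot: true
        reboot_timeout: 1800
```

Anything that ends up in `wu_reject` stays uninstalled on that host, so the recorded titles still need to be checked against the Windows Update logs.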