Bad Patches - 01/22

KB5009543 - Breaks VPN on Windows 10
KB5009566 - Breaks VPN on Windows 11
KB5009624 - Breaks Hyper-V on Server 2012, VMs won’t start. ReFS volumes come up as raw.
KB5009557 - Critical. Affects Server 2019, causes DCs to reboot every few minutes.
KB5009555 - Critical. Affects Server 2022, causes DCs to reboot every few minutes.

You can run wusa to remove, but must run as admin and will prompt user. I haven’t scripted anything yet, we delay patching, and remove the category until there’s a fix. Quick uninstall command:

wusa /uninstall /kb:5009543

Feel free to post any other uninstall methods.

4 Likes
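One way to script the check and removal described in the post above, as an added example that is not part of the original thread or Syncro's own tooling. The KB numbers and descriptions are copied from the list above; the `-Remove` switch and the variable names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Reports which of the patches listed in this thread are
# installed, and with -Remove runs the thread's wusa uninstall command for each.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove   # hypothetical switch: without it the script only reports
)

# KB list and impact notes taken from the first post of this thread.
$badPatches = [ordered]@{
    'KB5009543' = 'Breaks VPN on Windows 10'
    'KB5009566' = 'Breaks VPN on Windows 11'
    'KB5009624' = 'Breaks Hyper-V on Server 2012; ReFS volumes come up as raw'
    'KB5009557' = 'Server 2019: DCs reboot every few minutes'
    'KB5009555' = 'Server 2022: DCs reboot every few minutes'
}

# Get-HotFix reads Win32_QuickFixEngineering on the local machine.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $badPatches.Contains($_.HotFixID) }

if (-not $installed) {
    Write-Output "None of the listed patches are installed on $env:COMPUTERNAME."
    return
}

foreach ($fix in $installed) {
    $kb = $fix.HotFixID
    Write-Output ("{0} (installed {1}): {2}" -f $kb, $fix.InstalledOn, $badPatches[$kb])

    # -WhatIf previews the removal without running wusa.
    if ($Remove -and $PSCmdlet.ShouldProcess($kb, 'wusa /uninstall')) {
        $number = $kb -replace '^KB', ''
        # Same command as in the post; it is interactive and prompts the user.
        $proc = Start-Process -FilePath 'wusa.exe' `
            -ArgumentList '/uninstall', "/kb:$number" -Wait -PassThru
        # Exit code 3010 means the uninstall succeeded and a restart is required.
        Write-Output ("{0}: wusa exit code {1}" -f $kb, $proc.ExitCode)
    }
}
```

Run it without arguments to get a report only; the uninstall still needs a restart before the affected service recovers.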

I’ve seen this in the past, but never got a satisfactory answer from Syncro on why some patches show up in a category that doesn’t exist in policies.

1 Like

Updated with 2 more bad patches.

We also had KB5009624 cause a DC boot loop on 2012r2 DCs with the same resolution: remove the network adapters to fix the boot loop, log in, uninstall the patch, and re-add the network adapters.

1 Like

KB5009624 also breaks Hyper-V on Server 2016

That’s good to know. Thanks for the heads-up!

Saw this morning that the server patches have been pulled.

New patches have been released to address the VPN, Hyper-V, and restart issues.

I haven’t seen all of these come up in Syncro yet, but the ones that have are listed under the “Update” category instead of “SecurityUpdate”.

Hey @Jimmie,

We poll Windows for the update history and that’s what we display on the asset.

Feature updates are included in the results that Windows returns, but Windows doesn’t include a method to install it using the same method that is available for the other updates. There are scripts available to install it, but it will trigger a reboot of the system and that is one of the reasons we haven’t built it into the Windows Update process. It is also why the category isn’t available in policies.

When the time comes for our Product Team to revisit Windows Updates, I will definitely push for them to investigate a reliable way to install these updates.

I understand about the feature update, but the update I spoke about shows up as a Feature Update categorized as Upgrade on some systems and SecurityUpdate on others with 2 different descriptions.

Compare the image above with this one, both Windows 10, both 20H2.

Feature updates seem to be a crapshoot with Syncro. Identical hardware and current software/feature level on 2 PCs, one will grab it and one will sit there until you log in as admin and use the upgrade assistant. It’s quite annoying - but I will say Syncro does Windows Updates better in general than other solutions I’ve used.

I have also voiced my concerns as well, but was told to do a script.
I do feel that the Product team needs to get on this sooner rather than later, because I’ve been finding that when those feature updates are waiting, they cause issues; once installed, the issues go away.
Not all of those feature updates trigger a reboot, though yes, most of them do.
I do feel that a lot of us are feeling this pain.

1 Like

Is there a way to force Syncro or Windows to check for updates and refresh the list of updates available on the Windows Patches tab? We would like to remotely push the KB5010793 patch to fix Meraki VPNs, but it’s not available on the laptops in the Windows Patches tab in Syncro.

Alternatively is there a better way to push the update?

Judging by what I am seeing, Syncro isn’t looking at optional updates. Not seeing any of these on my system except 70, 74, and 77, which superseded the pulled patches; the wks ones are optional updates.