Let’s understand how to fix ConfigMgr Security Updates Installation Failed errors. You might already be aware of the process of building Software update packages in SCCM.
ConfigMgr also has a feature that allows users to update non-Microsoft applications. Intune also has a feature that will enable the deployment of security patches through Windows Update for Business.
Installation of the Dot Net Security Updates failed through SCCM. The error message could be seen on the Software center: installation failed for .NET Framework 4.5 Security Updates. I try to share my experience in solving this .NET problem.
Also, you will understand the different methods of installing the Dot NET framework on Windows 10 devices in the following post. Install .NET Framework 3.5 in Windows 10 | Quick Easy Way.
Table of Contents
Introduction
Microsoft .NET Framework is one of the most popular application development platforms. Millions of developers use C# and ASP.NET frameworks to build “Windows client applications, XML Web services, distributed components,“ and so on. Unsurprisingly, ensuring the top-notch performance of .NET applications is a foremost need for most application owners and developers.
- Fix ConfigMgr 2010 Rollup Update Issue with Hotfix KB5001670 | SCCM
- ConfigMgr 2010 Known Issues Fixes | SCCM | Configuration Manager
- List of Fixed Issues with SCCM 2107 Rollup Update KB11121541
- Fix SCCM Client-Side Patching or Software Updates Issues Troubleshooting Tips
- ConfigMgr SCCM Software Updates Patching WMI Troubleshooting Tips Endpoint Manager
Are you wondering why we discuss the .NET Framework in the SCCM post? Okay, let me clarify. We have been getting a lot of questions lately related to .NET Framework patches deployed through SCCM that failed to install.
It’s still uncertain who should troubleshoot if any .NET patches fail to install, so it’s no big deal. If other security patches related to the OS are getting installed if deployed using SCCM, then you do the math.
Several organizations have a “Single Point of Contact” for both the SCCM and Windows Server platforms so that this post will be helpful for them. Without further delay, let’s start.
SCOPE: Installation of the following Security Updates failed through SCCM. The error message could be seen on the Software center: installation failed for .NET Framework 4.5 Security Updates
Objective==To install the Security updates related to .NET on the servers.
I checked the SCCM CACHE path where the failed security updates installer setup was found. C:\Windows\CCMCACHE.
I tried installing those updates from CACHE manually and got the error “Installation wizard doesn’t apply or is blocked by another condition on your computer”. This is a generic error and doesn’t give us much. MS has already published several methods, and a few, which can be seen in several MS articles, are mentioned below:
Method 1 | Method 2 |
---|---|
Run the Windows Update troubleshooter. https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting | Disable the security software temporarily. |
Note: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you have to disable it to install other software temporarily, re-enable it as soon as you’re done. If you are connected to the Internet or a network when your antivirus software is disabled, your computer is vulnerable to attacks.
Method 3:
Put the computer in a clean boot state before installing the Windows update. Install one update at a time and check which update is causing the issue.
Note: After installing the Windows update, follow Step 7 in the provided link to return your computer to Normal startup mode.
You can also install the updates (KB number) manually by downloading them from the Microsoft download center.
http://www.microsoft.com/downloads/en/default.aspx
So you followed all 3 methods and went back to square. Now what? You followed everything, and still, the .NET patch fails.
Then, we check with the server owner if we can repair .NET from ARP (Add & Remove Program). When you do that, the installer asks us to point it to the working directory, but you don’t have it. A few MS websites recommend repairing .NET by following the link below:
https://support.microsoft.com/en-ie/help/2698555/microsoft-net-framework-repair-tool-is-available
The website leads us to NetFxRepairTool, the advantage of which is that it repairs all the versions of .NET installed on that server. This also has 50-50. Sometimes, the issue gets fixed permanently, and in some cases, it returns in the next month’s patching cycle.
Root Cause:
So, the first thing I would like to know is why the repair failed when we initiated the repair .NET from ARP. That’s because there is no installer cache for .NET under c:\Windows\Installer. Please refer to the below article:
Missing Windows Installer Cache Files Will Require a Computer Rebuild. https://support.microsoft.com/en-us/kb/2667628
One of the MS Tech Heath Stewart has explained it very briefly. The page talks about Visual Studio, but it applies in our case, too. Link https://devblogs.microsoft.com/setup/update-does-not-apply-or-is-blocked-by-another-condition-on-your-computer/
Solution – ConfigMgr Security Updates Installation Failed
Uninstalled .NET Framework (All Version) from the machine. Downloaded the full package from the following site:
http://www.microsoft.com/en-us/download/confirmation.aspx?id=40779
The .NET Framework was installed fresh on the server, and the security patch installation was successful.
NOTE: In case uninstallation fails, please use the .NET cleanup tool (Link given below) to remove all the versions of .NET installed on the server. Please get approval from the application owner before you take action. https://www.microsoft.com/en-in/download/details.aspx?id=5942
Disclaimer – The information provided on the site is for general informational purposes only. All information on the site is provided in good faith. However, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the website.
Resources
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here – HTMD WhatsApp.
Author
Deepak Rai is a Technical Lead with over 14 years of experience in IT. He specializes in SCCM (AKA ConfigMgr, CB, MECM, etc.), Intune, and Azure (Runbooks). Throughout his career, he has worked on various platforms such as Active Directory, Exchange, Veritas NETBACKUP, Symantec Backup Exec, NDMP devices like Netapp, EMC Data Domain, Quantum using Backup Exec 2010 and 2012, and HP StorageWorks 4048 MSL G3. He also has experience in data deduplication-related troubleshooting. Ultimately, he returned to his roots as an IT Engineer focusing on SCCM technology.