Hello, 

We are using SCCM 2012 R2 to deploy software updates. 

On Windows 8.1 SCCM does not show certain updates as being needed and isn't deploying them to the clients even though Windows Update will show them as high importance. These same updates are being detected and deployed to Windows 8 clients successfully.

I believe that the update catalog that WSUS uses may have some incorrect detection rules for the following updates:  

2917933

2913320

2913270

2913152

2909569

2904440

2904266

2903939

2899189 

2893984

2893294

2892074

2916626

2898785

My automatic deployment rules include Windows 8.1 in the product category. I have even created a standalone rule for Windows 8.1 that builds a new package and the behavior is the same. 

We only have a handful of Windows 8+ clients so this hasn't been a big issue but others may want to keep an eye out. 

A little history - Adobe released a new update to flash player for Active X 12.0.0.38. We deployed that update through SCUP and it was failing to install on our windows 7 and 8 clients. A couple days later Adobe released an update for that update which fixed the deployment. 

I was a bit puzzled why it was deploying active x to windows 8 since it's built into the browser so after the windows 7 clients were resolved I started playing around with the windows 8 machines. That's when I discovered that some updates (like flash for IE 11) were not being presented to the clients. 

I believe that the update catalog that WSUS uses may have some incorrect detection rules for the following updates:  

That's a lot of updates in the list to be accused of having incorrect detection logic. Some of those updates are applicable only to Windows 8.1 systems, so it would be real stretch to claim that logic is defective ... especially since some of them are a couple cycles old. (KB2913320 was released six weeks ago.)

I'd be more inclined to think (since WU says the updates are needed), that there's some deficiency in your distribution infrastructure and those updates are Not Available to the Windows 8.1 systems at this moment, which is why they're not getting installed.

The Windows 8.1 clients are getting some updates from SCCM like the Malicious Software removal toolkit so overall software updates are working. 

If I search under All Software Updates in  SCCM for the KBs listed by Windows Update I can find them, but number of machines required = 0. I created a new automatic deployment rule with a new package that only contains updates for the Windows 8.1 product and had similar results. That's why I believe there might problem with the detection rules. 

I am also running into this issue.  After "checking online for updates" on one of my machines in office I found that there were 21 important updates for my 8.1 box.  When I cross reference them in SCCM under All Software Updates, it appears these 8.1 updates are not listed.  They are however listed for all other OS.  

10 seconds after typing this, I went in to verify my WSUS ->  Products and Classifications settings and come to find 8.1 and 2012 R2 weren't selected, even though it's an option in SCCM.  Go figure!  This wasn't the end though.  After running a Synchronization, my issue still wasn't resolved.  Went back to check my settings and they again were changed back to having these OS unchecked.  Finally, a solution!  I found that in SCCM, under Administration tab, Site Configuration > Sites > ABC - Mysitename, right click and scroll down to "Configure Site Components" > Software Update Point.  This setting (although the same as is in WSUS) takes precedence, thus was rolling my settings back to the original configuration in WSUS.

So long story short, even though my automatic deployment rules stated approve all windows 7/8/8.1 criticals/importants, 8.1 was getting skipped for the most part because my WSUS server wasn't syncing with Microsoft for all of the updates I required.  I did have a couple of updates that squeezed through because they were categorized as "Security Updates for Windows 8, 8.1".

Not sure if this is the solution you were looking for, but your thread got me started in the right direction, hopefully this response helps in the same way!

Thanks!

I am also running into this issue.  After "checking online for updates" on one of my machines in office I found that there were 21 important updates for my 8.1 box.  When I cross reference them in SCCM under All Software Updates, it appears these 8.1 updates are not listed.  They are however listed for all other OS.  

10 seconds after typing this, I went in to verify my WSUS ->  Products and Classifications settings and come to find 8.1 and 2012 R2 weren't selected, even though it's an option in SCCM.  Go figure!  This wasn't the end though.  After running a Synchronization, my issue still wasn't resolved.  Went back to check my settings and they again were changed back to having these OS unchecked.  Finally, a solution!  I found that in SCCM, under Administration tab, Site Configuration > Sites > ABC - Mysitename, right click and scroll down to "Configure Site Components" > Software Update Point.  This setting (although the same as is in WSUS) takes precedence, thus was rolling my settings back to the original configuration in WSUS.

So long story short, even though my automatic deployment rules stated approve all windows 7/8/8.1 criticals/importants, 8.1 was getting skipped for the most part because my WSUS server wasn't syncing with Microsoft for all of the updates I required.  I did have a couple of updates that squeezed through because they were categorized as "Security Updates for Windows 8, 8.1".

Not sure if this is the solution you were looking for, but your thread got me started in the right direction, hopefully this response helps in the same way!

Thanks!

• Marked as answer by nbot22 17 hours 11 minutes ago

I am also running into this issue.  After "checking online for updates" on one of my machines in office I found that there were 21 important updates for my 8.1 box.  When I cross reference them in SCCM under All Software Updates, it appears these 8.1 updates are not listed.  They are however listed for all other OS.  

10 seconds after typing this, I went in to verify my WSUS ->  Products and Classifications settings and come to find 8.1 and 2012 R2 weren't selected, even though it's an option in SCCM.  Go figure!  This wasn't the end though.  After running a Synchronization, my issue still wasn't resolved.  Went back to check my settings and they again were changed back to having these OS unchecked.  Finally, a solution!  I found that in SCCM, under Administration tab, Site Configuration > Sites > ABC - Mysitename, right click and scroll down to "Configure Site Components" > Software Update Point.  This setting (although the same as is in WSUS) takes precedence, thus was rolling my settings back to the original configuration in WSUS.

So long story short, even though my automatic deployment rules stated approve all windows 7/8/8.1 criticals/importants, 8.1 was getting skipped for the most part because my WSUS server wasn't syncing with Microsoft for all of the updates I required.  I did have a couple of updates that squeezed through because they were categorized as "Security Updates for Windows 8, 8.1".

Not sure if this is the solution you were looking for, but your thread got me started in the right direction, hopefully this response helps in the same way!

Thanks!

• Marked as answer by nbot22 Friday, February 07, 2014 7:09 PM

I found that in SCCM, under Administration tab, Site Configuration > Sites > ABC - Mysitename, right click and scroll down to "Configure Site Components" > Software Update Point.  This setting (although the same as is in WSUS) takes precedence, thus was rolling my settings back to the original configuration in WSUS.

To this point, you should never configure a Software Update Point using the WSUS console. The SUP must be configured from the Configuration Manager console.

Second point... Automatic Deployment Settings are completely independent of SUP Synchronization settings. You can't deploy what hasn't been synchronized, although there are theoretically scenarios in which you might still want an ADR for legacy content, but no longer choose to 'sync' that category after it's arrived.

That was the issue. Thank you very much!