Microsoft Security Update KB2965788, released on June 10, 2014, requires multiple restarts when applied during an SCCM Task Sequence

Microsoft Security Update for Windows 7 for x64-based Systems (KB2965788), which was released on June 10, 2014, as one of that month’s Patch Tuesday updates and titled MS14-030: Description of the security update for Remote Desktop Security Release for Windows: June 10, 2014, appears to cause multiple restarts when applied during the Install Software Updates step within a System Center Configuration Manager Task Sequence. The second restart is not controlled by the Task Sequence engine and causes the engine to be unable to resume the Task Sequence when the computer comes back up after the second restart. The Task Sequence therefore fails to complete.

This behavior is a known issue with software updates that require multiple restarts, as documented in KB2894518, titled Task sequence fails in Configuration Manager if software updates require multiple restarts.

At my firm, we deploy Software Updates and other application updates during a maintenance Task Sequence. When the Task Sequence fails to complete after the Install Software Updates step, the TSManager component writes the following entries to smsts.log:

Failed to restore logs from cache. Execution history may be lost.
...
Failed to locate the local data path. The files needed to resume the task sequence are missing.  This could be because the task sequence finished while in Windows PE.  Please check the largest available partition for SMSTSLog\smsts.log file for more information.
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Task Sequence Manager could not initialize Task Sequence Environment. code 80070002
Task sequence execution failed with error code 80070002
...
Error executing Task Sequence Manager service. Code 0x80070002
MP name must be set in an environment variable
Non fatal error 0x80004005 in sending task sequence execution status message to MP
Successfully finalized logs to SMS client log directory from C:\Windows\CCM\Logs

Microsoft’s recommendation in KB2894518 is to deploy updates that require multiple restarts outside of a Task Sequence. If you choose to deploy hotfix KB2965788 as a traditional package or an application using a required deployment, it can be downloaded from Security Update for Windows 7 for x64-based Systems (KB2965788).

7 thoughts on “Microsoft Security Update KB2965788, released on June 10, 2014, requires multiple restarts when applied during an SCCM Task Sequence

  1. Oliver Baty Post author

    I was asked to describe how I was able to determine that KB2965788 was causing the multiple restarts. As it happens, it was easier than usual to identify because only workstations, and not servers, were affected.

    I had deployed a Software Update Group containing the June 2014 updates to a collection of Windows 7 workstations and a collection of Windows 2008 R2 servers, and then ran our maintenance Task Sequence (which contains an Install Software Updates step) on one or more of the members of these collections. While each of the workstations failed to resume the Task Sequence after a restart, none of the servers had this problem. Each of the servers completed the Task Sequence successfully, although the servers did restart multiple times during the Task Sequence.

    So, I compared the updates that were installed on the workstations against those that were installed on the servers during the Task Sequence (although not all of the updates that were applied were part of the June 2014 updates, so I had to rule out some additional updates). The workstations and servers had a number of KBs in common, but the workstations installed three KBs that the servers did not install. It seemed likely that one or more of these Windows 7 workstation-specific hotfixes was causing the additional restart.

    The suspect hotfixes were:

    KB2952664
    http://support.microsoft.com/kb/2952664
    Compatibility update for upgrading Windows 7

    KB2957503
    http://support.microsoft.com/kb/2957503
    MS14-036: Description of the security update for Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows Server 2003: June 10, 2014

    KB2965788
    http://support.microsoft.com/kb/2965788
    MS14-030: Description of the security update for Remote Desktop Security Release for Windows: June 10, 2014

    I then used a process of elimination to determine which hotfix was responsible for the multiple restarts by removing each hotfix from the Software Update Group, running the Task Sequence on an unpatched workstation, and observing the result.

    First, I removed KB2952664 from the Software Update Group. The workstation restarted twice and did not resume the Task Sequence.
    Second, I removed KB2965788 from the Software Update Group. This time, the workstation did not restart twice and the Task Sequence completed successfully.
    Third, I re-added KB2952664 to the Software Update Group. The workstation did not restart twice and the Task Sequence completed successfully.

    This testing indicated that KB2965788 was solely responsible for the multiple restarts in our environment because removing it from the Software Update Group deployed to the collection of workstations allowed the Task Sequence to complete successfully.

  2. Andrew

    Hey Oliver, thanks heaps for this post. Will potentially save us a day of work! Not sure why Microsoft can’t provide this information to all of its SCCM users. Pretty hopeless of them!

  3. Reto

    thanks for posting, it saved me a few hours trouble shooting.
    I can confirm it also happens on Win7 x86.

Leave a Reply

Your email address will not be published. Required fields are marked *