Let’s understand how to fix ConfigMgr security updates installation failed errors. You might be already aware of the process of building Software update packages in SCCM. ConfigMgr also has a feature to update non-Microsoft applications. Intune also has a feature to deploy security patches through Windows Update for Business.
Installation of the Dot Net Security Updates failed through SCCM. The error message could be seen on the Software center: installation failed for .NET Framework 4.5 Security Updates. I try to share my experience in solving this .NET problem.
Also, you can understand what are the different methods to install the Dot NET framework on Windows 10 devices in the following post. Install .NET Framework 3.5 in Windows 10 | Quick Easy Way.
Introduction
Microsoft .NET Framework is one of the most popular application development platforms. C# and ASP.NET frameworks are used by millions of developers for building “Windows client applications, XML Web services, distributed components” and so on. It’s no surprise that ensuring the top-notch performance of .NET applications is a foremost need for most application owners and developers.
Wondering why we are talking about .NET Framework here in the SCCM post? Ok, So let me clarify. We have been getting a lot of questions lately related to .NET Framework patches deployed through SCCM & failed to install.
It’s still uncertain about who should troubleshoot it if any of the .NET patches failed to install. So it’s no big deal. If other security patches related to OS are getting installed if deployed using SCCM then you do the math.
Several organizations have a “Single Point Of Contact” for both the “SCCM & Windows Server platform” so this post will be helpful for them. Without further delays let’s start.
SCOPE: Installation of the following Security Updates failed through SCCM. The error message could be seen on the Software center: installation failed for .NET Framework 4.5 Security Updates
Objective==To install the Security updates related to .NET on the servers.
Checked SCCM CACHE path where the failed security updates installer setup was found. C:\Windows\CCMCACHE.
Tried installing those updates from CACHE manually and got the error “Installation wizard doesn’t apply or is blocked by another condition on your computer”. This is a generic error and doesn’t give us much. MS has already published several methods and a few which can be seen in several MS articles are mentioned below:
Method 1:
Run the Windows Update troubleshooter.
https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting
Method 2:
Disable the security software temporarily.
Note: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you do have to temporarily disable it to install other software, you should re-enable it as soon as you’re done. If you are connected to the Internet or a network during the time your antivirus software is disabled, your computer is vulnerable to attacks.
Method 3:
Put the computer in a clean boot state before proceeding with the installation of the windows update and install one update at a time and check which update is causing the issue.
Note: After installation of the windows update, follow Step 7 in the provided link to return your computer to Normal startup mode.
You can also install the updates (KB number) manually by downloading them from the Microsoft download center.
http://www.microsoft.com/downloads/en/default.aspx
So you followed all 3 methods and back to square. Now what? I mean you followed everything and still the .NET patch fails.
Then we check with the server owner if we can repair .NET from ARP (Add & Remove Program). When you do that then the installer asks us to point it to the working directory but you don’t have it. A few MS websites recommend repairing .NET by following the link below:
https://support.microsoft.com/en-ie/help/2698555/microsoft-net-framework-repair-tool-is-available
The website leads us to “NetFxRepairTool“ and the advantage is it repairs all the versions of .NET installed on that server. This also has 50-50. Sometimes the issue gets fixed permanently and in some cases, it comes back in the next month’s patching cycle.
Root Cause:
So the first thing I would like to know is why the repair failed when we initiated to repair .NET from ARP. That’s because no installer cache for .NET under c:\Windows\Installer. Please refer to the below article:
Missing Windows Installer Cache Files Will Require a Computer Rebuild. https://support.microsoft.com/en-us/kb/2667628
One of the MS Tech Heath Stewart has explained it very briefly. The page talks about Visual Studio but it applies in our case too. Link https://devblogs.microsoft.com/setup/update-does-not-apply-or-is-blocked-by-another-condition-on-your-computer/
Solution – ConfigMgr Security Updates Installation Failed
Uninstalled .NET Framework (All Version) from the machine. Downloaded the full package from the following site:
http://www.microsoft.com/en-us/download/confirmation.aspx?id=40779
Fresh installation was done for .NET Framework on the server. The security patch installation for .NET was successful.
NOTE: In case of uninstallation failed please use the .NET cleanup tool (Link given below) to remove all the versions of .NET installed on the server. Please take the approval from the application owner before you perform this action. https://www.microsoft.com/en-in/download/details.aspx?id=5942
Disclaimer – The information provided on the site is for general informational purposes only. All information on the site is provided in good faith, however, we make no representation or warranty of any kind, express or implied regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the website.
Resources
Author
My name is Deepak Rai, and I am a Technical Lead on SCCM and Intune with more than 14 years of experience in IT. My main domain is SCCM (AKA ConfigMgr, CB, MECM, etc.), Intune, and Azure (Runbooks). I have worked on several platforms (Active Directory, Exchange, Veritas NETBACKUP, Symantec Backup Exec, NDMP devices Like Netapp, EMC Data Domain, Quantum using Backup Exec 2010 and 2012, HP storage works 4048 MSL G3, Data Deduplication related troubleshooting.) in these 13 years but at last ended up to the technology from which I started as IT Engineer (SCCM).