News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Many reports of errors when trying to install the latest .NET patch on Win7 systems with Extended Security Updates enabled

    Home Forums AskWoody blog Many reports of errors when trying to install the latest .NET patch on Win7 systems with Extended Security Updates enabled

    • This topic has 81 replies, 26 voices, and was last updated 1 month ago.
    Viewing 23 reply threads
    • Author
      Posts
      • #2261948 Reply
        woody
        Da Boss

        Looks like a clunker. @BobT reports: KB4556399 (Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
        [See the full post at: Many reports of errors when trying to install the latest .NET patch on Win7 systems with Extended Security Updates enabled]

        3 users thanked author for this post.
      • #2261989 Reply
        gkarasik
        AskWoody Plus

        No problems on multiple Win7/32bit/Ent systems. I have seen problems with updates to 64bit systems that never manifested on 32bit systems.

        GaryK

        1 user thanked author for this post.
      • #2261990 Reply
        Susan Bradley
        AskWoody MVP

        Can anyone impacted do the following:

        (I’ll post there as well)

        - go to http://aka.ms/vscollect.exe 
        - download and run the log collector
        - collect and share the contents from %temp%\vslogs.zip?
        
        Send me an email to sb@askwoody.com

        Susan Bradley Patch Lady

      • #2262000 Reply
        Susan Bradley
        AskWoody MVP

        Just a fyi – I can’t repro this on my Windows 7 ESU.

        Mind you I installed https://www.catalog.update.microsoft.com/Search.aspx?q=KB4538483 the revised May version.

        Susan Bradley Patch Lady

      • #2262005 Reply
        Susan Bradley
        AskWoody MVP

        It appears to me to be failing on those with the ESU bypass script.  It works fine one my Windows 7 with a ESU key.  Folks I’ll say it again, buy a ESU key.  Microsoft has made it easy to get them now for us peons.  Trying to go around the rules means you’ll get nailed like this.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
        • #2262020 Reply
          anonymous
          Guest

          Could you post a link for the peons, please, Susan?  I do have an ESU license, but I purchased it back when one had to sacrifice a goat and a limb of their choice, and I seem to have missed it when Microsoft dropped those requirements.  Would be nice to know where to go if I need any other ESUs in the future.

          • #2262026 Reply
            PKCano
            Da Boss

            The updated License Preparation Pack link is here.

          • #2262037 Reply
            Susan Bradley
            AskWoody MVP

            https://forms.office.com/Pages/ResponsePage.aspx?id=CEtIRBCvwEyPI4AgwsgbpPcTYf1jGDxMoOAm3rKwHJVUOTg0M1JXSUJKQjREMElWODdXQ1FVS0tDVy4u  You enter your info there and Amy and Ted can get you a Windows 7 key.

            Susan Bradley Patch Lady

            • #2262170 Reply
              Graham
              AskWoody Lounger

              What if you don’t happen to be one of those who live in the US? (I.e. the majority of those on this planet.)

              • #2262173 Reply
                Pim
                AskWoody Plus

                You can still order from them (I asked the same question a couple of months ago).

                ASRock Beebox J3160 - Win7 Ultimate x64
                Asus VivoPC VC62B - Win7 Ultimate x64
                Dell Latitude E6430 - Win7 Ultimate x64
                Dell Latitude XT3 - Vista Ultimate x86 (still...)
                Gigabyte GA-H110M-HD3 DDR3 - Win10 Pro 1809 x64

            • #2262861 Reply
              anonymous
              Guest

              I think this advice was premature. The people at MDL have solved the problem.

              Furthermore, the cost of a license is considerable. SusanBradley mentioned $65, but that’s apparently only for the first calendar year. This means that if you buy one today, it expires on 31 Dec 2020.

              Someone on MDL wrote the following: “I’m not sure how it works in the USA, but after reading her comment, I contacted a friend here in Germany today who’s involved in his university’s contract with M$.

              The university pays around 60 euros per machine – they only have a few still running Win 7 – but this is only for the current calendar year. That is, if you somehow bought a license today, it would expire at the end of 2020.

              For 2021, you’d have to buy another one-year ESU license. However, my friend said the price is expected to double, and then double again for 2022. This last bit of info is speculation, but based upon well-sourced rumors.​”

              Again, I don’t know how things work in the US. Your mileage may vary.

              1 user thanked author for this post.
        • #2262031 Reply
          woody
          Da Boss

          Ouch.

          @abbodi86, can you confirm?

      • #2262058 Reply
        abbodi86
        AskWoody_MVP

        It has nothing to do with KB4538483 or the script

        simply, .NET 4.x patches are using different validation method to verify ESU eligibility

        W7ESUI only handle .NET 3.5.1 patch

        i suspect that extracting the bundled msp file (inside exe) and installing directly should bypass the ESU check

        or use repacked .NET installer (based on administrative MSI installation)

        8 users thanked author for this post.
        • #2262098 Reply
          T
          AskWoody Plus

          That’s interesting to know, i’ll be sure to grab that one.

          I’d sort of forgotten about .net updates after win7 fell out of general support because if they’re no longer offered through update i just find them a confusing mess of which ones to download and install, particularly if you go the security only route and not quite fully knowing exactly which framework version i have installed.

          1 user thanked author for this post.
        • #2262147 Reply
          TonyC
          AskWoody Lounger

          I am still running a W7 Home Premium system and updating it with the W7ESUI script. The system is not eligible for ESU. I would appreciate some clarification on what abbodi86 has stated.

          My W7 system has only .NET Framework 3.5.1 installed. Suppose I were to download KB4552940 (2020-05 Security and Quality Rollup for .NET Framework 3.5.1) from the Microsoft Update Catalog, could I install this rollup directly? Or could I even install it using the W7ESUI script along with the other May 2020 W7 and IE11 updates?

          (And yes, I know that I should wait for MS-DEFCON ≥ 3 before installing any May updates!)

          • #2262186 Reply
            abbodi86
            AskWoody_MVP

            Yes, W7ESUI can handle and install KB4552940

            the issue is in .NET 4.x patches, because they use different eligibility check

          • #2262187 Reply
            ch100
            AskWoody_MVP

            Installing KB4552940 (for .NET 3.5.1) separately should work.

        • #2262185 Reply
          ch100
          AskWoody_MVP

          Still failing after applying the msp directly.
          Here is the error in the Application Log.

          Windows Installer reconfigured the product. Product Name: Microsoft .NET Framework 4.7.2. Product Version: 4.7.03062. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 1603.

          1 user thanked author for this post.
      • #2262077 Reply

        Just a fyi – I can’t repro this on my Windows 7 ESU.

        Mind you I installed https://www.catalog.update.microsoft.com/Search.aspx?q=KB4538483 the revised May version.

        Susan,

        I already have the February 12 version of KB4538483; does this mean that, as an ESU user, I have to go install it _again_? Won’t Windows freak out and say “You already installed this patch,”?

        Oh, my aching cerebellum.

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that has at least six legs and no brain."

        -Robert Heinlein

        • #2262092 Reply
          Susan Bradley
          AskWoody MVP

          That’s what a Microsoft technical account manager told a customer, that we have to install it again.

          Susan Bradley Patch Lady

          1 user thanked author for this post.
          • #2262120 Reply

            That’s what a Microsoft technical account manager told a customer, that we have to install it again.

            Susan, a couple of questions:

            1.  When did you twig to this need to update this existing KB? It bears the date stamp of 5/5/20, but I missed whatever n0tification was put out there to get it, if there was one.
            2. Shall we win 7 ESU’ers download this updated version now, or wait until this dust cloud settles?
            3. Is it just me, or is it dumb to update a KB and _not_ give it a new number? :/

            Info: as of tonight 10PM PST WU “Important” shows:

            A) 2020-05 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 for x64 (KB4556399) [unchecked-huh?]

            B) 2020-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4556836) [checked]

            Windows Malicious Software Removal Tool x64 – v5.82 (KB890830) [checked]

            …and no mention of anyone needing a new KB4538483.

            (Terribly confusing. MSFT seems to be going out of their way to make life miserable for WIN 7 ESU’ers. Broken mirrors, troubled waters, smoke and mirrors, things popping out at you from corners, it’s a malignant funhouse!)

            BTW Many Thanks for all your great help; almost every month it seems like “The Charge of the Light Brigade” we all have to go through! (“…someone had blundered…”)

            Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
            --
            "A committee is the only known form of life that has at least six legs and no brain."

            -Robert Heinlein

            1 user thanked author for this post.
      • #2262078 Reply
        anonymous
        Guest

        Susan edit: This appears to only fail if you have used the bypass script. On a Windows 7 with an ESU key it installs just fine.

        My client has 5000, Windows 7 with an ESU key and about 90% of the machines have the issue. It is not just bypass script.

        6 users thanked author for this post.
      • #2262106 Reply
        rick41
        AskWoody Plus

        I have a Win7 64-bit ESU license (from Harbor).  FWIW, upon “checking for updates,” KB4556399 remained on the update list but is no longer pre-selected.

        2 users thanked author for this post.
      • #2262169 Reply
        armond
        AskWoody Plus

        Nope, I have an ESU key and can’t install this one either manually or via MU/MSU. Good job Microsoft.

        2 users thanked author for this post.
      • #2262211 Reply
        abbodi86
        AskWoody_MVP

        This bypass the check, thanks to @vinzf

        run in Command Prompt as administrator
        for x86:
        ndp48-kb4552921-x86_608b67e4011b9e103ca18deadbfc013d1c328508.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

        for x64:
        ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

        for .NET 4.5.2 or 4.6-4.7.2 , choose the appropiate patch file name

        11 users thanked author for this post.
        • #2262236 Reply
          Cybertooth
          AskWoody Plus

          When I went to the Microsoft Update Catalog to download KB4556399, I got the following download window:

          KB4556399

          What’s the proper procedure  here–do I download all of the lsted files, and does it matter  in which order they get installed?

           

          Attachments:
          • #2262244 Reply
            PKCano
            Da Boss

            The Rollup is a bundle of separate individual patches for each version of .NET.

            Instead of clicking on the “download” link in the Catalog, click on the name of the .NET Rollup, then click on “More Information” in the box that pops up. That will take you to the MS Support page where it lists the separate patch for each version of .NET

            You only need the patches for the version(s) you have installed on your computer.

            3 users thanked author for this post.
          • #2262253 Reply
            abbodi86
            AskWoody_MVP

            Moreover, the NDP files names distingish them

            ndp48 = .NET 4.8
            ndp47 = .NET 4.7.2 downwards 4.6
            ndp45 = .NET 4.5.2

            6 users thanked author for this post.
            • #2262276 Reply
              Cybertooth
              AskWoody Plus

              OK, but then what do I do with the three non-ndp files that are also listed on the screenshot (msipatchregfix, kb4552940, kb4019990)?

               

              • #2262308 Reply
                abbodi86
                AskWoody_MVP

                You don’t need msipatchregfix, it’s for WU installation only

                you should install both kb4552940, kb4019990

                1 user thanked author for this post.
              • #2262459 Reply
                alpha128
                AskWoody Plus

                You don’t need msipatchregfix, it’s for WU installation only

                you should install both kb4552940, kb4019990

                But you only need to install kb4019990 if you DON’T already have it, correct?

                For example, on my system, I have:

                Source Description HotFixID InstalledBy InstalledOn
                —— ———– ——– ———– ———–
                <USER>-PC Update KB4019990 NT AUTHORITY\SYSTEM 9/29/2017 …
                

                According the Update Catalog, this patch was last updated on 5/15/2017.

              • #2262460 Reply
                PKCano
                Da Boss

                That is correct – only if you don’t already have it.

                1 user thanked author for this post.
              • #2262541 Reply
                BobT
                AskWoody Lounger

                I just ran all 6 files to check, in order, from oldest first. It said I already had the patches, or weren’t applicable, for every file bar the ndp4.8 one (as expected).

                Might have been because I already attempted to install the rollup itself through WU first? Unsure if it does a full rollback if one bit (ndp4.8) fails.

                Either way I used the parameter workaround in #2262211 and it worked just fine. After a reboot and a manual WU check, the patch then disappears from WU so seems sorted.

                Cheers!

        • #2262239 Reply
          woody
          Da Boss

          So is it true that “Error 643” only shows up on machines that don’t have the official ESU activated?

          1 user thanked author for this post.
          • #2262251 Reply
            abbodi86
            AskWoody_MVP

            Yes, failed ESU check is what (should) trigger it

            2 users thanked author for this post.
          • #2262280 Reply
            cadprofessor
            AskWoody Plus

            I am confused.  I have 5 ESU lic that have been working and updating fine over the last several months.  Can I just run the updates like I have been doing or do I need to run kb4538483 (ESU update??) before installing any of May updates.  Thanks.

        • #2266692 Reply
          T
          AskWoody Plus

          Apologies for dragging this up again but i just tried this method and it worked great for the security only update kb4552951 (.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2) but failed on security only update kb4552952 (.NET Framework 4.5.2) with the error message – ‘Software Update KB4552952 Installation Wizard does not apply, or is blocked by another condition on your computer.’

          I have all the prerequisites otherwise i assume kb4552951 would have failed so my question is, does .net 4.6-4.7.2 replace 4.5.2 and therefore the update is no longer applicable? That was my assumption but i was curious what you thought.

          • #2266701 Reply
            abbodi86
            AskWoody_MVP

            Yes, you don’t need 4.5.2 update in this case

            1 user thanked author for this post.
            T
            • #2266713 Reply
              T
              AskWoody Plus

              Wonderful! Thank you.

      • #2262317 Reply
        Purg2
        AskWoody Lounger

        Here is what I do when I need information about .NET Framework.  From this location in NDP, one can see all versions applicable (v2.0, v3.0, v3.5, v4).  Hope it helps.

        No need for a tool, just go to the registry & have a peek.  It won’t hurt to look.

        C:\Windows\regedit.exe

        This is the location to see v4.

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full

        On the right pane at the bottom of the list it will say Version.  Mine says 4.5.51650.

         

        Win 8.1 Group B, Linux Dabbler

      • #2262328 Reply
        John Riley
        AskWoody Plus

        I have three 2008r2 test servers that were previously successfully licensed for the ESU patches in January/February in our corporate environment.  Today, we began testing our SCCM/WSUS deployments on a small subset of test servers.  The latest ESU patch (KB4538483) installed successfully, but KB4556399 (Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8) then failed.  Looking at the ESU license (SLMGR /DLV), I see that all 3 servers are now “unlicensed”; all 3 are now refusing to re-activate.  Frustrating!!

        1 user thanked author for this post.
        • #2262340 Reply
          PKCano
          Da Boss

          Do you have the April SSU installed?

          • #2262367 Reply
            John Riley
            AskWoody Plus

            Yes, these installed successfully:
            KB4555449 – 2020-05 Servicing Stack Update for Windows Server 2008 R2
            KB4556798 – 2020-05 Security Update for IE 11
            KB4538483 – 2020-05 Extended Security Updates (ESU) Licensing Prep…
            KB4557900 – 2020-05 Update for Windows Server 2008 R2
            KB4556836 – 2020-05 Security Monthly Quality Rollup for Windows Server 2008 R2

            Server has been rebooted multiple times since, and I am unable to reactivate the ESU license due to error 0x80072F8F (“A security error occurred”).  Previously, these systems took the ESU license on the first try, while I had to activate others via the Microsoft Mobile website.  Now that website is no longer available, and its probably just going to be easier to restore these servers from a backup instead of trying to troubleshoot these inane patches.

            • #2262375 Reply
              PKCano
              Da Boss

              Check back in a while. I have thouched bases with Susan Bradley

            • #2262380 Reply
              Susan Bradley
              AskWoody MVP

              What do you mean by the Microsoft mobile website?

              Susan Bradley Patch Lady

              • #2262385 Reply
                Susan Bradley
                AskWoody MVP

                Also stupid question – is the date and time on these servers correct?

                Susan Bradley Patch Lady

              • #2262448 Reply
                John Riley
                AskWoody Plus

                Microsoft had a website designed for offline product activation geared towards mobile users, but which also worked to activate other MS products.  The website I was originally given by our TAM began https://msdev.gointeract.io/ but I have also seen some other users on various websites accessed it via microsoft.gointeract.io

                Sadly, that whole set of pages seems to be down now.  It was really very convenient.

        • #2262386 Reply
          ch100
          AskWoody_MVP

          Are your servers able to connect to the Internet, or only internally?
          There may be additional checks required.

      • #2262376 Reply
        rick41
        AskWoody Plus

        I usually practice Update Distancing until MS-Defcon 3 or better.  But something possessed me to try installing the new .NET patch KB4556399 on one of my Win7 64-bit Pro ESU systems, a Lenovo Thinkpad W530, even though as I stated above WU had changed it from pre-selected to unticked.   I did *not* reinstall KB4538483, which was originally installed on Feb 13.

        It went fine, and I haven’t noticed any side effects so far (other than strangely being offered a 2012 fingerprint driver update in the Optional section, which I promptly hid).  My ESU from Harbor was installed on Jan 15.

      • #2262438 Reply
        vandermeer
        AskWoody Lounger

        It wasn’t a “clunker”; there was apparently an intentional change in Microsoft’s programming.

        In any case, people working on the Bypass ESU effort at MDL have now come up with a solution that permits installation of the .NET patch.

      • #2262446 Reply

        I did *not* reinstall KB4538483, which was originally installed on Feb 13. It went fine,

        OK, now there’s some evidence that it’s NOT the lack of the 5/5/ KB4538483 that causes trouble.

        As one user above had his ESU license fouled up, I’m crawling back in the foxhole because the dust has definitely not settled on this one!

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that has at least six legs and no brain."

        -Robert Heinlein

      • #2262531 Reply
        vandermeer
        AskWoody Lounger

        I believe @abbodi86 reported it earlier #2262211.

        He certainly did. I made my comment in an attempt to provide some additional context.

        1 user thanked author for this post.
      • #2263068 Reply
        georgea
        AskWoody Lounger

        BypassESU-v7-AIO fixes the .net update issue.

        abbodi86 just posted an update to his script package on his mydigitallife “Bypass Windows 7 Extended Security Updates Eligibility” thread.

        And.. poor Susan B took quite an undeserved beating from some of the commenters in that thread.  Ouch.

        • This reply was modified 1 month, 3 weeks ago by georgea.
        • #2268710 Reply
          GoneToPlaid
          AskWoody Plus

          Yet v7 of BypassESU causes errors in the MS Installer. Specifically, msiexec.exe will frequently crash due to verifier.dll crashing. It is best to uninstall v7 and revert to v6 or v5 for the time being, and use the manual workaround to install the .NET update.

          I reverted to v5. Excluding the .NET update which I am still holding off on installing, I had no issues installing the other April and May updates. Note that I did not install version 2 of KB4538483 which is the ESU Licensing Preparation Package since the documentation for the May updates mentions that only the February version must be installed.

          • #2268900 Reply
            georgea
            AskWoody Lounger

            Huh.  I’ve used V7 [which is V6 with an extra component for .net patches] on at least half a dozen W7-pro systems with no problems.  Just V1 of the ESU Licensing Preparation Package.  I have not tried installing much since using V7 but I see an update from May 25 on the main MDL page for V7 saying:

            Notice: Regarding .NET 4 ESU Bupass option in BypassESU-v7
            it has incompatibility issue and may cause msiexec.exe to crash
            in that case, it’s recommended to remove it, and use the manual workaround listed below to install NDP4 updates.

            So this is good to know.

            • This reply was modified 1 month ago by georgea.
      • #2263151 Reply
        anonymous
        Guest

        When trayingh to run this I get  ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe is not recognized as an internal or external command

        • #2263154 Reply
          PKCano
          Da Boss

          The correct syntax is in #2262211 above. To find what versions of .NET are installed on your computer, see #2262302. Screenshot is in the post immediately below.

      • #2263155 Reply
        anonymous
        Guest

        Screen shot of error.  I fail to see context error.

        Microsoft Windows [Version 6.1.7601]
        Copyright (c) 2009 Microsoft Corporation. All rights reserved.

        C:\Windows\system32>ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8
        .exe /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9”
        ‘ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe’ is not recogn
        ized as an internal or external command,
        operable program or batch file.

        C:\Windows\system32>

        • #2263163 Reply
          anonymous
          Guest

          Here is what I am giving to the command prompt just as copied from #2262211 above.

          ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9”

          I have .NET Framework version 4.8.03761 installed on my computer.

           

        • #2263191 Reply
          RDRguy
          AskWoody Lounger

          You’re getting this error because you’re running the command from within the default administrators command prompt directory “C:\Windows\system32”.

          You need to run the command from within the directory that the .NET update file “ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8
          .exe” is stored in.

          Suggestion:
          1) Create the folder “ESU” in the “C:” drive root directory (or any other drive)

          2) Copy / Move the appropriate .NET update file to the ESU folder just created

          3) Open the Administrators Command Prompt

          4) Assuming that the ESU folder was created on drive “C:”, change the active directory to where the .NET update file is located by entering the following command => CD C:\ESU (the command prompt should now be … “c:\ESU>” not “C:\Windows\system32>”)

          5) Run @abbodi86‘s .NET update command listed in his previous post #2262211.

          Win7 - PRO & Ultimate, x64 & x86
          Win8.1 - PRO, x64 & x86
          Groups A, B & ABS

          4 users thanked author for this post.
          • #2263369 Reply
            anonymous
            Guest

            Thank goodness you are smart enough to realize how dumb I am and to do two things to help me out.

            1. Explaining why I was getting the error I was getting so I could understand my problem.
            2. Giving explicit,  easy to follow,  step by step instructions even I could follow to get things to work properly.

            Thanks to you KB4552921 has successfully updated my version 4.8 NET Framework.  I don’t think this would ever have happened without your help

            Thank you very much!

            2 users thanked author for this post.
            • #2263414 Reply
              RDRguy
              AskWoody Lounger

              You’re welcome – that’s why we’re all here & I couldn’t have done it without you 1st posting the pertinent details (transcript of your screen shot) about the problem.

              I’ve done this a time or 2 myself when I’m in a hurry not paying enough attention trying to get something done quick.

              Win7 - PRO & Ultimate, x64 & x86
              Win8.1 - PRO, x64 & x86
              Groups A, B & ABS

      • #2263618 Reply
        rick41
        AskWoody Plus

        I usually practice Update Distancing until MS-Defcon 3 or better.  But something possessed me to try installing the new .NET patch KB4556399 on one of my Win7 64-bit Pro ESU systems, a Lenovo Thinkpad W530, even though as I stated above WU had changed it from pre-selected to unticked.   I did *not* reinstall KB4538483, which was originally installed on Feb 13.

        It went fine, and I haven’t noticed any side effects so far (other than strangely being offered a 2012 fingerprint driver update in the Optional section, which I promptly hid).  My ESU from Harbor was installed on Jan 15.

        Where I say, “I did *not* reinstall KB4538483, which was originally installed on Feb 13,” I should have also pointed out that it was not offered to me by WU, so I would have had to install it via the catalog.

        I wonder if the fact that KB4538483’s May revision wasn’t offered to me via WU means MS did an assessment and determined that my system didn’t need it?  (…Even though the original version, which was definitely required,  was available *solely* via the catalog.)

      • #2263721 Reply

        That’s what a Microsoft technical account manager told a customer, that we have to install it again.

        Susan, I did what you said and installed the May version of KB4538483, but WU is STILL showing the .Net update as “unchecked”:

        2020-05 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 for x64 (KB4556399)

        I see on your patch list 399’s on “Hold”, just as 2020-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4556836) is.

        Just thought I’d add some input. The new KB4538483 seems to have had no effect on KB4556399’s “unchecked” status. Something still fishy going on here.

        …and thanks for the tip on the new KB4538483; it wasn’t in WU, and I would not have known about it except through you; MSFT has been “hiding their light under a bushel”, or in the 3rd sub-basement janitor’s closet behind the sign “Beware The Leopard”.

        Madness!

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that has at least six legs and no brain."

        -Robert Heinlein

      • #2268506 Reply
        glnz
        AskWoody Plus

        One thing I don’t understand.  Where should I be when I run for x64:
        ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"  ?

        That is, am I running any cmd window from my Start button, or am I running only abbodi86’s special tool in the WE7UI folder I created for it?  And should I first go to (cd) the folder where I downloaded ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe ?

        Thanks.

        • #2268515 Reply
          PKCano
          Da Boss

          See #2268381 and the link therein. And #2263345 above it.

          1 user thanked author for this post.
          • #2268516 Reply
            glnz
            AskWoody Plus

            Thanks again PKCano.  I’ll try it your way next time.

            Meantime, I succeeded just now by starting cmd as Administrator, using cd to go to the folder where I had downloaded the ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe
            and then pasting in the complete command from above
            ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

            It worked.

            Amazing!!!   Many thanks again to abbodi86 and you.

            • #2268677 Reply
              glnz
              AskWoody Plus

              I tried it PKCano’s way on a different Win 7 Pro 64-bit machine, and it worked very nicely.  Faster than using cmd.

              If you follow PKCano’s links just above, this means (a) making a shortcut of the .NET update file, and (b) in the shortcut’s “target” adding the
              /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

              (preceded by a space by the way).  Then running the shortcut as Administrator.

              Thanks again, PKCano.

              • #2268687 Reply
                PKCano
                Da Boss

                Thank @mattchu – he’s the one that came up with that method.

                See #2262363.

                1 user thanked author for this post.
              • #2268697 Reply
                Moonbear
                AskWoody Lounger

                When you use the bypass then run the .exe as admin, should the user be asked to accept a license agreement in the install wizard?

              • #2268699 Reply
                PKCano
                Da Boss

                Yes. That was the way it worked in XP too. Remember?

                1 user thanked author for this post.
              • #2268705 Reply
                Moonbear
                AskWoody Lounger

                Not really, no. Back then I never used anything but Windows Update.

                Until Microsoft changed how patches were offered, I’d never installed a patch manually.

                1 user thanked author for this post.
      • #2268746 Reply
        AmyO
        AskWoody Plus

        Hi Susan,
        Hope all is well.  About to do the May security rollup (KB 4556836) for my Win 7 Pro x64 systems, and wasn’t sure if when I run windows update:
        (1) if the KB4538483 ESU 5/9/20 version shows up if I should download/install it?  I (obviously) have the prior  ESU (Feb?) version (via  Harbor I have the purchased ESUs- thanks  to your help!.),  and if (2) KB4556403/4556399 Net update shows up with (assuming so) check in box if I should install too?  Haven’t run windows update yet.  Thanks in adv for your advice.  Amy 🙂

    Viewing 23 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Many reports of errors when trying to install the latest .NET patch on Win7 systems with Extended Security Updates enabled

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.