Don't get all antsy over deploying Windows 8.1 Update just yet. Microsoft has identified a specific bug in how the update interacts with WSUS 3.2 over SSL. The resulting issue means that PCs with Windows 8.1 Update installed will never be able to scan again if the following are true:
- Client PC has installed Windows 8.1 Update
Windows 8.1 with Windows 8.1 Update attempts to scan against WSUS 3.2 running on any affected platform:
- Windows Server 2003 SP2, or
- Windows Server 2003 R2 SP2, or
- Windows Server 2008 SP2, or
- Windows Server 2008 R2 SP1
- HTTPS and Secure Sockets Layer (SSL) are enabled on the WSUS server
- TLS 1.2 is not enabled on the server
Microsoft is making some workarounds available for those with the update already installed and also suggesting that companies with the specific configuration halt deployment. The company is also temporarily suspending distribution of Windows 8.1 Update to WSUS servers.
Read the full proclamation: Windows 8.1 Update prevents interaction with WSUS 3.2 over SSL
Microsoft is promising a fix ASAP. Windows 8.1 Update is still available from MSDN, TechNet, and of course, over the consumerized, unmanaged version of WSUS, Windows Update. The bug is only affecting those companies using on-premise deployment servers and policies that take advantage of WSUS, including System Center Configuration Manager.
Hmmm...Cloud First, anyone?