Jump to content
Welcome to our new Citrix community!
  • 0

OS Updates not Applying when Publishing to PVS

Xavier Blackwood




I started using App layering back in Sep 2017. Since then I have steadily patched the base OS Layer ( 2016 cumulative Windows Updates) by creating new OS versions, all updates are installed correctly each time. The issue is after publishing the Image to PVS, Windows Update history in Settings is reporting that it hasn't checked for updates since Sep 2017. If I check the Add Remove Windows Updates in control panel I see mostly updates from back in Sep. Windows Defender also states that it's definitions are out of date (back to Sept 2017). I have read that the Platform Layer has the highest priority and I'm speculating that it is overwriting Windows Update files when the layers are combined.


This surely cannot be normal.. Do you have to create a new Platform Layer every time a new OS version is created and patched? If this is the case that would make App layering even slower than it already is for patching. It already takes 2-3 hours to do any new layers in my environment.


I am currently on ELM 4.9 ( updated today)

PVS is 7.15

Windows Server 2016 (Patches fully up to date as of Feb 15)

ESX 6.5





Link to comment

4 answers to this question

Recommended Posts

  • 0
17 hours ago, Gunther Anderson said:

The updates are there.  What's missing is the registry data listing the installed updates.  The files are indeed modified, however.  See https://support.citrix.com/article/CTX226984.




Thanks for the reply Gunther.


So this going to be the norm for App Layering or will this be fixed in the future. It is hard explaining to management that a server is really patched when Windows says it isn't. Also the problem with this theory is, if I do a check for updates Windows try's to download and install the same updates again.



Link to comment
  • 0

You should never be doing a check for updates on a published machine, though, or on an app layer (unless it's Office and you're carefully only pulling Office updates).  You should only be pulling updates into the OS layer, and the list is always correct in the OS layer.


However, you're right, that this is just as much a management issue.  We've raised the issue with product management and Engineering, but I can't say officially if or when we would do this.  It's a non-trivial effort, because we'd need to always pull the update list from every source and reconstruct it so that the conflicts are handled and merged.  And I suspect we'd have to ignore the case where an update is installed in the OS layer and uninstalled in another layer, because tracking negative information like that is actually surprisingly difficult.  So, I doubt it will be anything soon, but I suspect we do have to solve this eventually.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...