How to Rollback a Patch using Configuration Manager

ByPrajwal Desai Hours
Comments 26 Comments

In this post we will see how to rollback a patch using configuration manager. Assume that you have deployed a set of updates to your windows computers and one of the update is really causing the issues with all the systems. Now you have been told to find that update and uninstall it from all systems. So you have to identify that update, this might need you to do a lot of troubleshooting to identify it. Once you do that you want to uninstall it from multiple systems. I will show you a simple way of uninstalling or removing a patch using SCCM. So let’s say you have identified that update and it’s KB3004394. Now that you know the KB number we can use the Task Sequence to uninstall patch from multiple systems. The task sequences can do lot of things. These tasks can deploy an operating system image to a destination computer, build and capture an operating system image from a set of operating system installation files, and capture and restore user state information.

How to Rollback a Patch using Configuration Manager

Open the control panel on one of the client computer. Click on Programs > Programs and Features > Installed Updates. You can see which updates are installed on the system. In this example we will see how to uninstall KB3004394.

How to Rollback a Patch using Configuration Manager

PatchMyPC HorizontalAD
Patch My PC Sponsored AD

In the Configuration Manager console, navigate to Software Library > Overview > Operating Systems > Task Sequences. To start the New Task Sequence Wizard, right-click the Task Sequences node, and then click Create Task Sequence.

How to Rollback a Patch using Configuration Manager

On the Create a New Task Sequence page, select Create a new custom task sequence. Click Next.

How to Rollback a Patch using Configuration Manager

Specify a Task sequence name and click Next. Don’t choose any boot image in this step.

How to Rollback a Patch using Configuration Manager

Click Next on the Summary page.

How to Rollback a Patch using Configuration Manager

Finally click Close. You have just created a blank task sequence.

How to Rollback a Patch using Configuration Manager

Right click on the task sequence that you created, click on Edit. In the TS editor, click on Add > General > Click Run Command Line.

How to Rollback a Patch using Configuration Manager

In the command line type wusa.exe /uninstall /kb:KBNUMBER/quiet /norestart. Click OK. The TS is ready to be deployed.

Explanation of the command:

  • wusa.exe – Windows Update Standalone Installer executable.
  • /uninstall – The installer will uninstall the package.
  • /kb:KBNUMBER – Install/Uninstall the package associated with KBNumber.
  • /quiet – quiet mode, no user interaction here.
  • /norestart – Will not initiate reboot when combined with quiet mode.

How to Rollback a Patch using Configuration Manager

Right click the Task sequence and click Deploy. On the General page, click on Browse and choose the collection. Click Next.

How to Rollback a Patch using Configuration Manager

For Deployment Settings, choose Available or Required. In this example I have set the deployment setting to required. Click Next.

Difference between Available and Required in SCCM

Available – If the application is deployed to a user, the user sees the published application in the Application Catalog and can request it on demand. If the application is deployed to a device, the user will see it in the Software Center and can install it on demand. In simple words Available applications mean that users can choose to install the software when they want.

Required – The application is deployed automatically according to the configured schedule. However, a user can track the application deployment status if it is not hidden, and can install the application before the deadline by using the Software Center. Required applications have an installation schedule and automatically install if they are not already installed by a defined deadline.

How to Rollback a Patch using Configuration Manager

To schedule the deployment, click on New and choose the Assignment schedule as As soon as possible. Click Next.

How to Rollback a Patch using Configuration Manager

On Specify how to run the content for this program page, choose the Deployment options as Download all content locally before starting task sequence. Click Next.

How to Rollback a Patch using Configuration Manager

Click Close.

How to Rollback a Patch using Configuration Manager

After few minutes, launch the software center on the client machine and you will see that the task sequence has done its work. The patch has been uninstalled by the task sequence.

How to Rollback a Patch using Configuration Manager

If you are looking for which log file to check for troubleshooting purpose, you need to open smsts.log file located on the client machine.

How to Rollback a Patch using Configuration Manager

Avatar photo

Prajwal Desai is a Microsoft MVP in Enterprise Mobility. He writes articles on SCCM, Intune, Configuration Manager, Microsoft Intune, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.

26 Comments

  1. Avatar photo Khaldoun Ahmad says:

    Hello Brajwal,

    If i pushed a task sequence to remove a specifc KB while this KB is already pushed using ADR, does this guarantee that the KB will not be installed again using the ADR?

    Reply
  2. Avatar photo Christopher L Gatling says:

    the wusa uninstall command quiet mode does not work on server 2016 or 2019. do you know of a way to quietly remove updates from 2016/2019?

    Reply
  3. Avatar photo Aditi Vaidya says:

    The command with /quiet option do not work for Win 2019 server. When tried without /quiet it works. How do I uninstall the update with no user interaction on win 2019 servers?

    Reply
    1. Avatar photo Fernando Castor says:

      Hi.
      Now with acumulatives updates this comando doesnt works.

      Try with command – dism /Online /Remove-Package /PackageName

      For me works very well

      Reply
  4. Avatar photo Sarfraz Aslam says:

    I tried it to remove a June 2020 Windows 10 update. But in the software center the status is installing but nothing is happening. Also, checked the smsts.log, could not find anything.
    Task Sequence command is :
    c:\windows\system32\wusa.exe /uninstall /kb:4561602 /quiet /norestart

    Reply

  5. Hi Prajwal, Once you remove the KB with the Task Sequence, do you need to do anything to make sure it will not be installed again with the software update deployments? I have an issue with in KB only in one country

    Reply
  6. Avatar photo imambasha says:

    Hi , Can we remove patch from application and package model?if is a possible please provide me information both process.

    Reply
  7. Avatar photo Narendra Negi. says:

    I am trying to patch uninstallation command in windows10 Operating System it it not accepting this command.

    I tested this command on single system also it is getting error.

    Windows update could not be uninstalled because of error 2147942487 “The parameter is incorrect.” (Command line: “C:WINDOWSsystem32wusa.exe /uninstall /kb4230204.msu /quiet /log”).

    Reply

    1. That is because when you use /log switch, you have to provide the path for log file

      Reply
      1. Avatar photo Narendra Negi. says:

        I also tried command without /log still getting error.

        I tried command for both OS windows 7 and Windows 10 C:WINDOWSsystem32wusa.exe /uninstall /kb4230204 /quiet /norestart

        In windows7 is working but not working on windows10 please assist me.

        Reply

        1. It should be /kb:4230204

          Reply
      2. Avatar photo imambasha says:

        Can we remove the patch from application and package model? If is a possible please provide me process in package model.

        Reply

    2. I think there are missing after WINDOWS and system32. So it should be “C:WINDOWSsystem32wusa.exe /uninstall /kb4230204.msu /quiet /log” and maybe exclude the /log as per Prajwal’s comments.

      Reply
  8. Avatar photo Arindam Ganguly says:

    Hello ,

    I followed these steps to uninstall a KB on Windows 10 and the exit code is 87.
    Executing command line: smsswd.exe /run: wusa.exe /uninstall /kb:3163912 /quiet /norestart TSManager 8/8/2016 12:21:23 PM 768 (0x0300)
    [ smsswd.exe ] InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    PackageID = ” InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    BaseVar = ”, ContinueOnError=” InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    ProgramName = ‘wusa.exe /uninstall /kb:3163912 /quiet /norestart’ InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    SwdAction = ‘0001’ InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    Command line for extension .exe is “%1” %* InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    Set command line: Run command line InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    Working dir ‘not set’ InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    Executing command line: Run command line InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    Process completed with exit code 87 InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    Command line returned 87 InstallSoftware 8/8/2016 12:21:24 PM 4540 (0x11BC)
    Process completed with exit code 87 TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    !——————————————————————————————–! TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Failed to run the action: Remove Update KB3163912.
    The parameter is incorrect. (Error: 00000057; Source: Windows) TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set authenticator in transport TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set a global environment variable _SMSTSLastActionRetCode=87 TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Clear local default environment TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    The execution engine ignored the failure of the action (Remove Update KB3163912) and continues execution TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set authenticator in transport TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Updated security on object C:_SMSTaskSequence. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set a global environment variable _SMSTSNextInstructionPointer=1 TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set a TS execution environment variable _SMSTSNextInstructionPointer=1 TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set a global environment variable _SMSTSInstructionStackString= TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set a TS execution environment variable _SMSTSInstructionStackString= TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Save the current environment block TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set a global environment variable _SMSTSLastActionRetryCount=0 TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    The task exeuction engine successfully completed the execution TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set authenticator in transport TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    **************************************************************************** TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Execution engine result code: Success (0) TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Cleaning Up. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Removing Authenticator TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Cleaning up task sequence folder TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Unable to delete file C:_SMSTaskSequenceTSEnv.dat (0x80070005). Continuing. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Failed to delete directory ‘C:_SMSTaskSequence’ TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    SetNamedSecurityInfo() failed. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    SetObjectOwner() failed. 0x80070005. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    RemoveFile() failed for C:_SMSTaskSequenceTSEnv.dat. 0x80070005. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    RemoveDirectoryW failed (0x80070091) for C:_SMSTaskSequence TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Deleting volume ID file C:_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca … TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Successfully unregistered Task Sequencing Environment COM Interface. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Executing command line: “C:WindowsCCMTsProgressUI.exe” /Unregister TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    ==========[ TsProgressUI started in process 4432 ]========== TsProgressUI 8/8/2016 12:21:24 PM 3752 (0x0EA8)
    Command line: “C:WindowsCCMTsProgressUI.exe” /Unregister TsProgressUI 8/8/2016 12:21:24 PM 3752 (0x0EA8)
    Unregistering COM classes TsProgressUI 8/8/2016 12:21:24 PM 3752 (0x0EA8)
    Unregistering class objects TsProgressUI 8/8/2016 12:21:24 PM 3752 (0x0EA8)
    Shutdown complete. TsProgressUI 8/8/2016 12:21:24 PM 3752 (0x0EA8)
    Process completed with exit code 0 TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Successfully unregistered TS Progress UI. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Start to cleanup TS policy TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    End TS policy cleanup TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Task Sequence Manager ServiceMain finished execution. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Task Sequence Manager service will be reconfigured TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Task Sequence Manager service reconfigured successfully TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Sending success status message TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Set authenticator in transport TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    RegQueryValueExW is unsuccessful for SoftwareMicrosoftSMSTask Sequence, SMSTSEndProgram TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    GetTsRegValue() is unsuccessful. 0x80070002. TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    End program: TSManager 8/8/2016 12:21:24 PM 768 (0x0300)
    Successfully finalized logs to SMS client log directory from C:WindowsCCMLogs TSManager 8/8/2016 12:21:25 PM 768 (0x0300)

    Reply
    1. Avatar photo Oleg Proscurchin says:

      I’m getting same error 87. Just going crazy with this crap for few days already. Tried all possible and impossible with wusa – packages and TS – nothing works. As soon as I run the command from 32 bit CMD/Powershell it fails with “Installer encountered an error: 0x8000fffff /Catastrophic failure” . Disable 64-bit file system redirection also doesn’t help. I need to run it on windows 10 1909. Any help will be appreciated. Thanks.

      Reply
      1. Avatar photo Ian Paul Spencer says:

        Hi, I have loads of trouble using WUSA, I think it has to check on-line during the WUSA process. I discovered dism “dism.exe /online /add-package /packagepath:”C:\Windows\Temp\Windows10.0-KB4601345-x64_PSFX.cab” /quiet /norestart

        Unsure if it works in TS ok but it was much more successful than WUSA?

        Reply

  9. Hello,

    In the task sequence method can you have more than one KB in the TS? For instance could I have KB123456 and KB654321 in the same TS?

    Thank you again for your great articles!

    Reply
      1. Avatar photo Dinesh Kumar says:

        How to link the KB’s in command
        wusa.exe /uninstall /kb:KBNUMBER1 /kb:KBNUMBER2 /quiet /norestart
        or
        wusa.exe /uninstall /kb:KBNUMBER1 /quiet /norestart
        wusa.exe /uninstall /kb:KBNUMBER2 /quiet /norestart

        Reply

        1. Tell me if it worked.

          Reply
  10. Avatar photo aakash saxena says:

    I tried it to remove an Office update. But in the software center the status is installing but nothing is happening. Also, checked the smsts.log, could not find anything.

    Reply

  11. Will it works for server 2003?

    Reply

  12. Will it works in server 2003?

    Reply
  13. Avatar photo Cody Lee Clements says:

    Why would you choose to go with a TS when you could create an application and validate the update was removed?

    Reply

    1. Yes you are correct. But i wanted to show that a Task sequence can also do this.

      Reply
      1. Avatar photo Mike Compton says:

        In which case, you should make clear in the opening paragraph, that this is not the best solution, wrapping the command in the task sequence engine is an unnecessary complication and overhead on the client; more to go wrong, more logs to check.

        If you create the update as an Application, and enter the command line to remove it, you have the added benefit of being able to scan the system using a powershell script to confirm the hotfix has been removed, you can also control the restart better.

        The above solution is far from the best available in SCCM 2012 i think.

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *