Trouble Installing Patch (KB5056579) on Windows EC2 Instance
We are running Windows EC2 instances in production. Instance type is m7i.xlarge and base image is Microsoft Windows Server 2025. We have patch manager setup with default baselines for windows. Patch manager approve patches after 7 days of being released and manually install those patches. But we are having trouble installing this particular update:
2025-07 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 24H2 for x64 (KB5056579)
After this update when we reboot instance its health check starts failing (2/3) and I can see this error (attached screenshot).
Are we missing anything in our patching operations ? I have following this practice from few months. I have also tried installing same update on m6i.xlarge but encountered same issue.
- 최신
- 최다 투표
- 가장 많은 댓글
Considering below:
- Block KB5056579 Temporarily Since you're using Patch Manager with default baselines: • Create a custom baseline that explicitly excludes KB5056579 • Use Update Management in Systems Manager to block this patch until it's stable
- Test in Isolated Environment Before applying to production EC2s: • Spin up a test EC2 instance with the same image and patch manually • Monitor health checks and logs post-reboot
- Check EC2 Health Dependencies After reboot, if EC2 health checks fail: • Verify network drivers, TPM, and EC2 integration services are intact • Check C:\Windows\Logs\CBS\CBS.log and WindowsUpdate.log for patch-related errors
- Use DISM to Repair Run this on the EC2 instance before retrying the patch: DISM /Online /Cleanup-Image /RestoreHealth sfc /scannow
관련 콘텐츠
- 질문됨 2년 전
