Symptoms
Microsoft patches fail to deploy on the following operating systems:
-Windows Vista
-Windows 2008
-Windows 7
-Windows 2008R2
-Windows 8
-Windows Server 2012
When attempting to manually run a patch file copied to a target machine in C:\Windows\Propatches\Patches you receive an error that the Windows Update service was not able to start or is not started.
Resolution
The Windows Update service must not be set to 'Disabled'. It does not explicitly need to be started, but it must be enabled - it can be set to 'Manual', 'Automatic-Delayed Start', or 'Automatic'.
Windows Vista/2008 changed patching behavior. Windows Vista and later patches are of a file type .MSU and this file type requires the Windows Update Service to be enabled to execute. The Windows update application is not required, but the standalone service handles extraction and execution of MSU patches and must remain enabled. For more details regarding this change go to http://support.microsoft.com/kb/934307/en-us
Windows update can be disabled as long as the Windows Update Service remains enabled. You can configure this using GPOE under Computer Configuration\Administrator Templates\Windows Components\Windows Update.
Products
Shavlik Protect 9.x
vCenter Protect 8.x