Patches getting reoffered from SCCM and Windows update even after they are successfully installed.
.NET Framework Security updates like kb2418241 and KB2656352 get reoffered on distribution tools like SCCM and Windows Update even after they are installed successfully. In this scenario the files which are targeted by the security updates are updated to the intended version and the security update is populated in the Add/Remove programs.
This is due to an orphan registry key “HKLM\Wow6432Node\Microsoft\Update\Microsoft .NET Framework 2.0\SP2\kb960043”. KB960043 determines if the patch servicing for .NET Framework is following a LDR or GDR line of patching (Refer the KB for more information http://support.microsoft.com/kb/960043). The above mentioned orphan registry key would be left over due to a previous unclean uninstallation of .NET Framework or KB960043.
As per the security update detection methodology SCCM or Windows update would check for the file versions after the security updates are installed and then confirm if patch has been successfully installed or not. In this scenario KB960043 is not installed on the machine and the security update has updated the files to GDR version. SCCM detects that “HKLM\Wow6432Node\Microsoft\Update\Microsoft .NET Framework 2.0\SP2\kb960043” on the machine and assumes LDR line of patching is being followed on the machine. It would verify if the LDR version of files are installed on the machine but actually GDR version are installed on the machine. This version mismatch misleads SCCM and it would reoffer the patch again showing the status as failed.
We have to delete the orphan registry key “HKLM\Wow6432Node\Microsoft\Update\Microsoft .NET Framework 2.0\SP2\kb960043-V3” and try reinstalling the security update. After this it wouldn’t be reoffered.
PS: This registry path is for 64 bit machines. For 32 bit machines the path would be “HKLM\Microsoft\Update\Microsoft .NET Framework 2.0\SP2\kb960043-V3”