What's new
By:
Filters
ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

WSUS - updates not being pushed to clients?



cava83

cava83

  Rav4
Hi,

Installed WSUS, downloaded all the required updates, server is ok.

WSUS can see all the desktops.

I have created a GP rule that uses the WSUS server for updates and a schedule.

The blasted updates are not being pushed to the desktops.

I have approved quite a few, I have also ensured that they are the latest updates which are required.

Still no luck.

Any suggestions?

Windows server 2003
XP Pro SP2
 
Y

young_lew

  Facelift R53 Cooper S
the machines might need to restart a few times before they look at the Domain Policy, thats what i've found anyway.....

a way to test this would be to go to a machine and in the run box type "gpupdate \force" <<without the quote marks

and that will force the group policy down on them, also you could do that same process on the server to make sure the server is actually pushing it out
 
cava83

cava83

  Rav4
Hi,

yes, I know I can run wuauclt.exe /detectnow but I have around 50 machines in the office, can't be bothered to go round all of them whilst the users are doing work.

gpupdate /force was implemented last night, machines should not require a restart in order to pick it up.

Really annoying :)
 
Y

young_lew

  Facelift R53 Cooper S
Ok then, are you sure that there are no updates that precede the ones you're trying to implement?

As some are updates to updates if that makes sense....
 
cava83

cava83

  Rav4
wsus is on a single server.

server has nothing else installed but spiceworks.

wsus is on the default port 80 as it's just easier.

spiceworks is on another port.

wsus is reporting, i.e x amount require certain updates and so on.

There are thousands of updates, lots are not applicable as they are for OS versions we don't have.

I have approved all the ones which are described in the group as required, for each section, such as security.

Pain in the ass, next up, installing SP3, yer right!
 
sargey

sargey

  Astra CDTI SRI
How have you got the "configure automatic updates" setting configured?

Try number 3 (auto download and notify for install) and pick a time say 1pm.

Then do a gpupdate /force and see if the pc's download the updates at 1.

Also check RSOP to see if group policy is being applied correctly.
 
Greeny.

Greeny.

ClioSport Club Member
  440i + 182
I had a problem a while ago due to ghosting machines, cant remember if they showed in WSUS at all though tbh, but defo didnt get updates.
 
cava83

cava83

  Rav4
No previous versions of sql on server when this was installed.

Just using the standard DB SUSDB.mdf

No machines are cloned.

:)

Thanks for everyone's help, very much appreciated.

Event Type: Warning
Event Source: Windows Server Update Services
Event Category: None
Event ID: 7042
Date: 7/27/2009
Time: 9:41:00 AM
User: N/A
Computer: HQSUPPORT
Description:
The WSUS administration console was unable to connect to the WSUS Server Database.

Verify that SQL server is running on the WSUS Server. If the problem persists, try restarting SQL.


System.Data.SqlClient.SqlException -- Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
The statement has been terminated.

Source
.Net SqlClient Data Provider

Stack Trace:
at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetSummariesPerUpdate(String updateScopeXml, String computerTargetScopeXml, String preferredCulture, ExtendedPublicationState publicationState)
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetSummariesPerUpdate(UpdateScope updatesToInclude, ComputerTargetScope computersToInclude)
at Microsoft.UpdateServices.UI.AdminApiAccess.BulkUpdatePropertiesCache.GetUpdateSummaries(UpdateScope updateScope, ComputerTargetScope computerTargetScope)
at Microsoft.UpdateServices.UI.AdminApiAccess.BulkUpdatePropertiesCache.GetAndCacheUpdates(ExtendedUpdateScope updateScope, ComputerTargetScope computerTargetScope)
at Microsoft.UpdateServices.UI.SnapIn.Pages.UpdatesListPage.GetListRows()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Click to expand...
 
cava83

cava83

  Rav4
Cool,

Found the issue, it's the permissions.

Basically, the downloads are ready to be installed, but are not installed as the user is not part of the local administrator group.

I don't want them to be part of that group.

Any suggestions?

Some people on here mentioned they have their users really locked down, how did you manage WSUS to work in that instance?
 
@

@Spoonie

The users shouldn't need to be part of the admins group as the updates will not be installed under there user context. The are installed under system. Update download and install are two separate processes. When have you scheduled the install time?
 
cava83

cava83

  Rav4
For instance, today as a test purpose, at 12.00 but they did not install.

If I try to install the updates locally as a normal user, I get the following message;

"[Error number: 0x8DDD0002]
To install updates from this website, you must be logged on as an administrator or a member of the Administrators group on your computer. If you use Windows XP, you can see if you are an administrator by going to User Accounts in Control Panel.

Note: If your computer is connected to a network, network policy settings might also prevent you using this website. Contact your system administrator for help with updates.
"

Obviously, this is syncing directly via MS instead of the server locally.

WSUS GP is applying on all desktops which we are testing it.

:)

Thanks guys :)
 
@

@Spoonie

What policies do you have set?

Check in the registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

In addition is WSUS fully up and running with the 7042 event above resolved?

If this machines were cloned you may also need to check:

903262 A Windows 2000-based, Windows Server 2003-based, or Windows XP-based computer that was set up by using a Windows 2000, Windows Server 2003, or Windows XP image does not appear in the WSUS console
http://support.microsoft.com/default.aspx?scid=kb;EN-US;903262
 
Last edited:
KDF

KDF

  Audi TT Stronic
If the users do not have sufficient priviledges to install the updates the standard user will be offered the oppertunity to install the updates when they go to shutdown.

eg. "Shutdown and install updates" is the default option presented although the user can change that to just "Shutdown"

You can force an update by setting a deadline date on the update within wsus.
 
ChrisR

ChrisR

ClioSport Club Member
As said, surely this should be running under the local system account rather than the current user.

Would think it's either a policy setting or a wsus option you need to change, like setting the deadline as said above.
 
cava83

cava83

  Rav4
Exactly, should be a local system account, I must have missed something out.

Any chance of someone noting down what GP settings they created and applied so I can cross check mine?

Thanks for all the help in advanced, hopefully someone can benefit from this at a later date.

Thanks,
 
ChrisR

ChrisR

ClioSport Club Member
One of our GPOs, although bear in mind this is for a server hence the out of hours thing.

Don't use WSUS for desktops I'm afraid :/

(sorry of the formatting looks pap)

Windows Components/Windows Updatehide
Policy Setting
Allow Automatic Updates immediate installation - Enabled
Allow non-administrators to receive update notifications - Disabled
Allow signed content from intranet Microsoft update service location - Enabled
Automatic Updates detection frequency - Enabled
Check for updates at the following interval (hours): 5

Policy Setting
Configure Automatic Updates - Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required and applicable if 4 is selected.
Scheduled install day: 1 - Every Sunday
Scheduled install time: 03:00

Policy Setting
Delay Restart for scheduled installations - Enabled
Wait the following period before proceeding with a scheduled restart (minutes): 5

Policy Setting
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box - Enabled
Enable recommended updates via Automatic Updates - Enabled
No auto-restart with logged on users for scheduled automatic updates installations - Disabled
Reschedule Automatic Updates scheduled installations - Enabled
Wait after system startup (minutes): 5

Policy Setting
Specify intranet Microsoft update service location - Enabled
Set the intranet update service for detecting updates: http://<FQDN of WSUS server>
Set the intranet statistics server: http://<FQDN of WSUS server>
 
You must log in or register to reply here.

Similar threads

Darren S
The lament of Battlefield... (a semi-serious rant/whinge)
Replies
10
Views
1K
Darren S
Darren S
DeeKay86
My Comprehensive Notes from todays Apple WWDC Keynote!
Replies
25
Views
3K
Ay Ay Ron
Ay Ay Ron
Jack!
IT network/domain stuff for small charity (plz help)
Replies
11
Views
985
msremmert
msremmert
Darren S
Golf games?
Replies
38
Views
2K
mace¬
M
cava83
Folder views - on client side, file server storage.
Replies
3
Views
588
DMS
D


Top