	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

09/09/2009 at 08:20AM PDT, ID: 24718437

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.3

Microsoft updates show up on clients even though they are not approved by WSUS - Revisited

Asked by Barnabus2006 in Windows 2003 Server

Tags: WSUS, Server 2003

We posted a similar question before, but it seems we have gotten "wrapped around the axle" since then. The XP Pro SP3 computers (that's the only type on this network) all show pending updates that have been downloaded even though the updates have not been approved in WSUS.

Case in point, KB956844 from Sept 8, 2009 is awaiting installation via the tray update icon this morning. Sep 9, 2009. The WU Server synchronizes every night at 1:00am and the WSUS
GPO has the clients pointed to the WSUS server for updates. (See Code section for GPO settings, client registry, clientdiag, and client windowsupdate.log)

The WSUS console is used to assign computer to groups.
The WSUS GPO is linked to the domain and not embedded in the Default Domain Policy

View the Solution FREE for 30 Days

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:

           
           
             GPO
-------------------------------------
Setting	State
Allow Automatic Updates immediate installation - ENABLED
Allow non-administrators to receive update notifications - NOT CONFIGURED
Allow signed content from intranet Microsoft update service location - NOT CONFIGURED
Automatic Updates detection frequency - NOT CONFIGURED
Configure Automatic Updates - ENABLED
Delay Restart for scheduled installations - NOT CONFIGURED
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box - NOT CONFIGURED
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box - DISABLED
Enable client-side targeting - NOT CONFIGURED
Enable recommended updates via Automatic Updates - ENABLED
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates - ENABLED
No auto-restart with logged on users for scheduled automatic updates installations - Disabled
Re-prompt for restart with scheduled installations - NOT CONFIGURED
Reschedule Automatic Updates scheduled installations - ENABLED
Specify intranet Microsoft update service location - ENABLED
 
CLIENT REGISITRY
-------------------------------------
C:\reg query "HKLM\SOFTWARE\Policies\M\Windows\WindowsUpdate" /s
 
! REG.EXE VERSION 3.0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ  http://WUSERVER1
    WUStatusServer      REG_SZ  http://WUSERVER1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    AutoInstallMinorUpdates     REG_DWORD       0x1
    AUPowerManagement   REG_DWORD       0x1
    IncludeRecommendedUpdates   REG_DWORD       0x1
    NoAutoRebootWithLoggedOnUsers       REG_DWORD       0x0
    RescheduleWaitTimeEnabled   REG_DWORD       0x1
    RescheduleWaitTime  REG_DWORD       0x1
    NoAUShutdownOption  REG_DWORD       0x0
    NoAutoUpdate        REG_DWORD       0x0
    AUOptions   REG_DWORD       0x4
    ScheduledInstallDay REG_DWORD       0x0
    ScheduledInstallTime        REG_DWORD       0x3
    UseWUServer REG_DWORD       0x1
 
 
CLIENTDIAG
------------------------------------
c:\bin\clientdiag
 
WSUS Client Diagnostics Tool
 
Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.4.7600.226. . . . . . . . . . . . PASS
                This version is WSUS 2.0
 
Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Policy settings
 
Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use
 
Checking Connection to WSUS/SUS Server
                WUServer = http://WUSERVER1
                WUStatusServer = http://WUSERVER1
        UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
        Connection to server. . . . . . . . . . . . . . . . . . PASS
        SelfUpdate folder is present. . . . . . . . . . . . . . PASS
 
Press Enter to Complete
 
 
WindowsUpdate.log
------------------------------------
 
2009-09-08	03:00:10:441	1444	3a4	AU	Forced install timer expired for scheduled install
2009-09-08	03:00:10:441	1444	3a4	AU	UpdateDownloadProperties: 0 download(s) are still in progress.
2009-09-08	03:00:10:441	1444	3a4	AU	Setting AU scheduled install time to 2009-09-09 07:00:00
2009-09-08	15:59:17:805	1444	3a4	AU	AU received policy change subscription event
2009-09-08	16:54:54:876	1444	3a4	AU	#############
2009-09-08	16:54:54:876	1444	3a4	AU	## START ##  AU: Search for updates
2009-09-08	16:54:54:876	1444	3a4	AU	#########
2009-09-08	16:54:54:876	1444	3a4	AU	<<## SUBMITTED ## AU: Search for updates [CallId = {B3D738A0-7831-47B9-AEEE-4A34FE36869C}]
2009-09-08	16:54:54:876	1444	f68	Agent	*************
2009-09-08	16:54:54:876	1444	f68	Agent	** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2009-09-08	16:54:54:876	1444	f68	Agent	*********
2009-09-08	16:54:54:876	1444	f68	Agent	  * Online = Yes; Ignore download priority = No
2009-09-08	16:54:54:876	1444	f68	Agent	  * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2009-09-08	16:54:54:876	1444	f68	Agent	  * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2009-09-08	16:54:54:876	1444	f68	Agent	  * Search Scope = {Machine}
2009-09-08	16:54:56:220	1444	f68	Misc	Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2009-09-08	16:54:56:282	1444	f68	Misc	 Microsoft signed: Yes
2009-09-08	16:54:56:360	1444	f68	Misc	Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2009-09-08	16:54:56:360	1444	f68	Misc	 Microsoft signed: Yes
2009-09-08	16:54:56:392	1444	f68	Misc	Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2009-09-08	16:54:56:392	1444	f68	Misc	 Microsoft signed: Yes
2009-09-08	16:54:56:407	1444	f68	Setup	***********  Setup: Checking whether self-update is required  ***********
2009-09-08	16:54:56:407	1444	f68	Setup	  * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2009-09-08	16:54:56:423	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:454	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:470	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:470	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:485	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:501	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:501	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:501	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:501	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:517	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:517	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:517	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:532	1444	f68	Setup	Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.4.7600.226, required version = 7.4.7600.226
2009-09-08	16:54:56:532	1444	f68	Setup	  * IsUpdateRequired = No
2009-09-08	16:55:01:329	1444	f68	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++
2009-09-08	16:55:01:329	1444	f68	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://WUSERVER1/ClientWebService/client.asmx
2009-09-08	16:55:02:032	1444	f68	PT	WARNING: Cached cookie has expired or new PID is available
2009-09-08	16:55:02:032	1444	f68	PT	Initializing simple targeting cookie, clientId = 31b6f369-c28d-4ef4-acad-b3065a29bad0, target group = , DNS name = public3.cspc.local
2009-09-08	16:55:02:032	1444	f68	PT	  Server URL = http://WUSERVER1/SimpleAuthWebService/SimpleAuth.asmx
2009-09-08	16:55:06:251	1444	f68	PT	+++++++++++  PT: Synchronizing extended update info  +++++++++++
2009-09-08	16:55:06:251	1444	f68	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://WUSERVER1/ClientWebService/client.asmx
2009-09-08	16:55:12:220	1444	f68	Agent	  * Found 0 updates and 47 categories in search; evaluated appl. rules of 526 out of 1100 deployed entities
2009-09-08	16:55:12:298	1444	f68	Agent	*********
2009-09-08	16:55:12:298	1444	f68	Agent	**  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2009-09-08	16:55:12:298	1444	f68	Agent	*************
2009-09-08	16:55:12:314	1444	dc8	AU	>>##  RESUMED  ## AU: Search for updates [CallId = {B3D738A0-7831-47B9-AEEE-4A34FE36869C}]
2009-09-08	16:55:12:314	1444	dc8	AU	  # 0 updates detected
2009-09-08	16:55:12:314	1444	dc8	AU	#########
2009-09-08	16:55:12:314	1444	dc8	AU	##  END  ##  AU: Search for updates [CallId = {B3D738A0-7831-47B9-AEEE-4A34FE36869C}]
2009-09-08	16:55:12:314	1444	dc8	AU	#############
2009-09-08	16:55:12:314	1444	dc8	AU	Featured notifications is disabled.
2009-09-08	16:55:12:314	1444	dc8	AU	AU setting next detection timeout to 2009-09-09 18:27:04
2009-09-08	16:55:12:314	1444	dc8	AU	Setting AU scheduled install time to 2009-09-09 07:00:00
2009-09-08	16:55:17:298	1444	f68	Report	REPORT EVENT: {F33D121E-9838-479D-A714-CC2AD9E44C0B}	2009-09-08 16:55:12:298-0400	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Software Synchronization	Windows Update Client successfully detected 0 updates.
2009-09-08	16:55:17:298	1444	f68	Report	REPORT EVENT: {901CD64D-8569-46A6-8B7F-040EDE6E2D75}	2009-09-08 16:55:12:298-0400	1	156	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Pre-Deployment Check	Reporting client status.
2009-09-08	16:56:44:456	1444	f68	Report	Uploading 2 events using cached cookie, reporting URL = http://WUSERVER1/ReportingWebService/ReportingWebService.asmx
2009-09-08	16:56:44:487	1444	f68	Report	Reporter successfully uploaded 2 events.
2009-09-09	03:00:11:324	1444	3a4	AU	Forced install timer expired for scheduled install
2009-09-09	03:00:11:324	1444	3a4	AU	UpdateDownloadProperties: 0 download(s) are still in progress.
2009-09-09	03:00:11:324	1444	3a4	AU	Setting AU scheduled install time to 2009-09-10 07:00:00

           
         

20090824-EE-VQP-74 - Hierarchy / EE_QW_3_20080625

1. oBdA1,424,703
2. Mestha692,297
3. dstewartjr621,993
4. mkline71613,292
5. demazter554,995
6. ChiefIT499,606
7. Chris-Dent497,343
8. henjoh09476,359
9. tigermatt417,746
10. leew403,306
11. bluntTony397,255
12. dariusg378,502
13. KCTS345,515
14. MightySW276,102
15. chuku266,747
16. Americom209,316
17. Paranorm...192,453
18. alanhardisty184,263
19. speshalyst171,245
20. zelron22165,033
21. xxdcmast148,779
22. ryansoto144,206
23. hypercat129,721
24. PeteJTho...127,562
25. RobWill122,315

1. oBdA4,680,837
2. Netman663,434,934
3. KCTS3,260,911
4. Jay_Jay702,681,410
5. leew2,185,620
6. Sembee1,825,283
7. TechSoEasy1,750,405
8. Chris-Dent1,580,495
9. ChiefIT1,510,960
10. RobWill1,323,153
11. tigermatt1,294,935
12. NJComput...1,222,396
13. LauraEHu...1,115,989
14. henjoh09925,473
15. TheCleaner864,300
16. ryansoto842,900
17. toniur842,230
18. sirbounty782,710
19. Pber776,859
20. mkline71770,209
21. dariusg718,783
22. Mestha692,297
23. dstewartjr659,571
24. hypercat558,745
25. mkbean558,617

Microsoft updates show up on clients even though they are not approved by WSUS - Revisited

Asked by Barnabus2006 in Windows 2003 Server

Tags: WSUS, Server 2003

About this solution