Solved

help with SUS clients

Posted on 2003-11-05
9
1,326 Views
Last Modified: 2010-04-11
hi everyone

im doing a work experience in a high school as an IT person.... im planning to setup a SUS server in there.. so just to be sure i tried to setup the SUS server at home and try before doing it in the school and get something wrong
the installation of the server went smooth with no problems and i was able to access the server using the URL http://server_name/susadmin locally and through the network . i have two clients at home running windows xp sp1..after some search i found that the SUS client is already included with sp1 ...
my problem now is how to configure the clients to take their updates from the SUS server.. i found some info on the web talking about registry tweaks but i couldnt find the registry keys in there
and found something about domain group policy but it took me nowhere
i appreciate any help because this will really give me bouns points in my work experience

cheers
0
Comment
Question by:New_Matrix
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9686584
Hi New_Matrix,
SUS (Software Update Services)

http://www.microsoft.com/windowsserversystem/sus/default.mspx

Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional.

SUS now provides Windows service packs (SPs), in addition to critical and security updates. SUS will deliver Windows XP SP1, Windows 2000 SP4, and all future service packs for Windows 2000, Windows XP, and the Windows Server 2003 family of products.

Download SUS Software here
http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en

Download the deployment guide here
http://www.microsoft.com/windows2000/docs/SUS_Deployguide_sp1.doc

Installation Notes
SUS Server 1.0 with SP1 automatically installs under the Web site that is currently running. It will not interfere with this or any other Web sites. If no other Web site is currently running, SUS Server 1.0 with SP1 will create a new Web
site.

Requirements

Computer operating systems where Software Update Services (SUS) can be installed:
Windows 2000, Service Pack 2 or above.
Windows Server 2003.
 
Computers where Automatic Update is already included in the operating system:
Windows 2000, Service Pack 3 or above.
Windows XP, Service Pack 1 or above.
Windows Server 2003.
 
Computers where a separate Automatic Update client installation is required:
Windows 2000, Service Pack 2.
Windows XP, no Service Pack.
 


For more information about where Setup places SUS Server 1.0 with SP1 components, refer to Appendix A in the Software Update Services
Deployment White Paper.

You can start the default site using the following steps:

Click Start, click Administrative Tools, then open Internet Information Services (IIS).
Click Web Sites, and then right-click Default Website.
Click Start.


Preparation your web site
In the basic installation, the SUS Server will install in the default port 80 website.
Visit the URL in your web browser to ensure IIS is running and operational. If there are no pages, Right-Click here and save this file in the website home directory as a location holder.

The Installation
For the basic installation, follow these instructions:
Run the Installation package.
When the Installation wizard starts, click "Next".
Read the License Agreement, select "I accept...", click "Next".
Click "Typical" for default settings.
Click "Install".
Installation will proceed.
Click "Finish" to end.
 
Connecting to the SUS Server administration console
All SUS Server administration is done through the web-based management console.
To access the console, visit:
http://localhost/susadmin/ if you are logged into the SUS Server.
http://SUS-Server-URL/susadmin/ if you are connecting to the SUS Server over the network.
 
Setting your SUS Server options
In the SUS Server Administration Console, down the left-hand navigation menu, select "Set options".
In this area, you can configure the following options:
Select a proxy server configuration. This proxy setting is used when the SUS Server performs a synchronization, either to Microsoft or a parent SUS Server.
Specify the name your clients use to locate this update server. This can be the short servername or the fully qualified DNS name of the server. This name is used for the clients to download updates.
Select which server to synchronize content from. Generally you will be synchronizing from Microsoft Windows Update, but you can specify another internal SUS Server. Also, the synchronize list of approved items allows this SUS Server to copy the update approval from the specified parent SUS Server, this option is useful for branch office situations.
Select how you want to handle new versions of previously approved. Select the option which suits your operational and quality assurance processes.
Select where you want to store updates. Generally, you will be saving the updates locally. Click on the "Clear All" button, then select the languages that will be supported by this SUS Server.
Click the "Apply" button.
 
Setting up synchronization
In the SUS Server Administration Console, down the left-hand navigation menu, select "Synchronize server". In this area, you can configure the update synchronization and perform it manually.
Click on "Synchronization Schedule" and configure the schedule to suit your requirements. Click "OK" to complete.
Click "Synchronize Now" to perform the initial synchronization. This will download all updates for the languages you have selected. You may wish to left this task and let the SUS Server do it during the scheduled synchronization.

Approving the updates for release
In the SUS Server Administration Console, down the left-hand navigation menu, select "Approve Update". In this area, you will be approving Microsoft Updates for release to clients.
Click the check box next to each update that you wish to release to the clients, when finished click the "Approve" button and follow the prompt to accept the licensing terms.

Where to now
You now have a functional SUS Server with approved updates. It is ready to distribute updates to clients.

*****Links*****


Troubleshooting Auto Update Client Error Codes
http://www.susserver.com/FAQs/FAQ-TroubleshootingAutoUpdateClientErrorCodes.asp
Troubleshooting the Auto Update Client Downloads
http://www.susserver.com/FAQs/FAQ-TroubleshootingAutoUpdateClientDownloads.asp


*****References*****

http://www.susserver.com/
http://www.susserver.com/Articles/SUS-InstallingSUS-Basic.asp

Cheers!
0
 

Expert Comment

by:juanmamerino
ID: 9688097
Install wuau.adm (the lastest version, no the original included on windows XP nor 2000.

Download it from: http://microsoft.com/downloads/details.aspx?FamilyId=D26A0AEA-D274-42E6-8025-8C667B4C94E9&displaylang=en

This new adm file adds to your Group Policy Console what you are looking for.

I had the same problem with SUS and that was the solution.

Note: The MS link doesn't works at the moment so try to download the template file from another site.

Juanma Merino
BARCELONA
0
 
LVL 5

Accepted Solution

by:
koquito earned 100 total points
ID: 9690555
You can change the regitry settings of your clients, or use group policies on your network to tell them where to get the updates and at what time.
It is well explained in the documentation that is available with SUS. Check it out on this link
http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en

You need to install the Windows Update clients on those machines that need it.
If you use group policies, you will need to install wuau.adm template on your Group policy, to be able to see Windows Updates settings.
0
 
LVL 3

Expert Comment

by:foad
ID: 9694180
ok, now the registry tweaks are ONLY if you have an NT doamain.... if that's the case, let me know, i'll give you the registry changes that WILL make it work...

AL
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:New_Matrix
ID: 9706049
hi again
thanks everyone for your help
the links gave me a good help to know that the wuau.adm tamplate is already included with windows 2003 server. i configured the group policy for the group and enabled all the avialable options (4 options).. the thing is the client still going to microsoft update site instead of the SUS server even tho i specified the SUS server in the group policy....im not sure where the problem is
-the tamplate file wuau.adm  is already there in windows 2003 server
-the SUS  client is already there in windows xp sp1 as well
-the group policy is defined but i think its not implemented
- the client still going to microsoft's web site NOT the SUS server

any suggestions please?

thanks foad .. im using windows 2003 server

bye :)
0
 

Author Comment

by:New_Matrix
ID: 9706160
after some testing i discovered that none of my group policies are implemented correctly!
any idea why is that ?
0
 
LVL 5

Expert Comment

by:koquito
ID: 9709052
When that happened to me it was only a matter of changing the computers DNs settings to use the IP of the DNS server on your LAN (explicit). Also remember that policies requiere a certain time unless you use secedit /refreshpolicy or gpupdate.
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 150 total points
ID: 9709615
Windows Domain Group Policy

Configuring Account Policies in Active Directory

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q255/5/50.asp&NoWebContent=1


Troubleshooting

1. Ensure You have created a Domain Security policy, and not a local policy on a domain controller.

2. Ensure The group policy is applied  either to the Root of AD or the OU where the users/machines reside.

3. Right click either the policy or the level at which the policy was applied and select the security tab. Ensure "Apply Group Policy" is ticked.

4. Press Start > Run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE

5. Press Start > Run > SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE

6. Are Your Users seeing these Error Messages....

   Your account has been disabled. Please see your system administrator.

   OR

   Unable to log you on because your account has been locked out, please contact your    administrator.

   If so see http://support.microsoft.com/default.aspx?scid=kb;en-us;279227

7. Account Lockout Problems see http://support.microsoft.com/default.aspx?scid=kb;en-us;274372

8. Machine Account Lockout Problems see http://support.microsoft.com/default.aspx?scid=kb;en-us;260930
http://support.microsoft.com/default.aspx?scid=kb;en-us;817701

9. Policy not being enforced Try http://support.microsoft.com/default.aspx?scid=kb;en-us;254174

10. Account Locking for no reason see
http://support.microsoft.com/default.aspx?scid=kb;en-us;328862

11. Policy not applying to users try
http://support.microsoft.com/default.aspx?scid=kb;EN-US;263693

12. You are only allowed one Domain Security Policy! see
http://support.microsoft.com/default.aspx?scid=kb;en-us;255550

13. Still no Joy! Try the official Microsoft Troubleshooting guide http://www.microsoft.com/windows2000/techinfo/howitworks/management/gptshoot.asp
0
 

Expert Comment

by:trimixdiver1
ID: 10586154
Go to the link. Open it up with notepad and edit to fit your needs. Run it and reboot.

http://www.bris.ac.uk/is/services/computers/operatingsystems/sus/config-reg.html
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now