[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 185
  • Last Modified:

Clients not finding SUS Server

I setup SUS sp1 on a win2k3 secondary domain controller. when I connect to http://suserver/susadmin, it prompts with AD login details and admin page loads fine when I login as domain administrator. But I can't login as a normal user. Can I not have the prompt? I checked anynomous login in IIS and it's enabled.

When I enter http://suserver, I receive 'site is under construction'. Is this normal? Do I see a list of updates available at this point?
how do I know the setup is correct and then I can setup clients to get update from this sus server? I have AD domain but not used by most of my users. I am using registry settings to implement client update.
Please advise.
thanks,
Bhupal
0
bhupalk
Asked:
bhupalk
  • 7
  • 4
  • 2
1 Solution
 
John Gates, CISSPSecurity ProfessionalCommented:
Is the server a member of your active directory domain?

0
 
bhupalkAuthor Commented:
yes it is. This is the backup domain controller.
0
 
John Gates, CISSPSecurity ProfessionalCommented:
well the best thing to do is to have all the machines as domain members.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
John Gates, CISSPSecurity ProfessionalCommented:
THe under construction page is normal for the sus installation http://servername/susadmin is where you go to admisiter the server.


D
0
 
bhupalkAuthor Commented:
thanks Dimante.
however, why do I get the login prompt though when I go to http://servername/susadmin? I have to login using domain administrator account.
also I am testing client update using my PC but it does not go to the sus server although I have registry settings applied.
thanks,
Bhupal
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Have you looked at your %systemroot%\Windows Update.log to prove that?

You should see entries like the following:

2004-08-15 13:23:23  18:23:23   Success   IUENGINE       Determining machine configuration
2004-08-15 13:23:24  18:23:24   Success   IUENGINE       Querying software update catalog from https://v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp
2004-08-15 13:23:24  18:23:24   Success   IUENGINE       Determining machine configuration
2004-08-15 13:23:24  18:23:24   Success   IUENGINE       Querying software update catalog from https://v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp

Instead of v4.windowsupdate.micrsoft....etc your server ip should be listed.  If not please refer to this site:

http://www.susserver.com/FAQs/FAQ-IsYourSUSServerWorking.asp

It is a great resource and should help also.

Let me know if I can assist further!

D
0
 
John Gates, CISSPSecurity ProfessionalCommented:
I forgot to add it may show your server name instead of IP also depending on how you set up the template on the clients.

D
0
 
SembeeCommented:
You aren't using SUS correctly. It is not an internal Windows Update server - but an internal server for the clients to use for Automatic updates.
Clients do not log in to the SUS web site - only administrators login to the web site to approve updates.

What you need to do is configure the clients to point at the SUS web site for automatic updates. There are a couple of ways to do this, Group Policy or manual registry edits. There are also a couple of utilities around that can make the machines look to a certain server - you will find these on the susserver.com web site.

SUS will allow any machine to connect to it - the machines do not have to be members of the same domain. They just need to be able to find the SUS server in DNS and the registry enties made.
I have an SUS server in the workshop. When I rebuild client's machines I will point them to my own SUS server to get updates using the "nwsusutil.exe". This utility resets the automatic updates registry entries to the default after a reboot.

Simon.
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Actually that is not entirely correct.....   Also WUS is what the new version is going to be called when it comes out and it can be an internal windows update server.

D
0
 
SembeeCommented:
WUS is a product currently undevelopment and most people will not see it before its release next year. As well as being a internal Windows Update server it should also be able to update Office and other MS applications - not before time.

Other than that, "dimante", what else is "not entirely correct" about what I have written above?

Simon.
0
 
bhupalkAuthor Commented:
Thanks to both of you. I am using the tool mentioned by Sembee and I am getting some logs on the windows update.log file.
so if I used windows update option from windows, it seems to go to microsoft.com update site. I will do more testing using this tool and see what happens. Now I am getting this. I am assuming there nothing to download. I will check on another PC.
Does this mean it's working?
also do I need to run the tool on all PCs?
I made the registry changes manually but that was not working until I ran this tool.
-------------------------------------------------------------------------------------------------
2004-10-04 10:20:03  00:20:03   Success   IUENGINE       Starting
2004-10-04 10:20:03  00:20:03   Success   IUENGINE       Determining machine configuration
2004-10-04 10:20:04  00:20:04   Success   IUENGINE       Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:04  00:20:04   Success   IUENGINE       Determining machine configuration
2004-10-04 10:20:04  00:20:04   Success   IUENGINE       Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:04  00:20:04   Success   IUENGINE       Determining machine configuration
2004-10-04 10:20:04  00:20:04   Success   IUENGINE       Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:05  00:20:05   Success   IUENGINE       Determining machine configuration
2004-10-04 10:20:05  00:20:05   Error     IUENGINE       Querying software update catalog from http://10.3.0.80/autoupdatedrivers/getmanifest.asp (Error 0x80190194)
2004-10-04 10:20:05  00:20:05   Success   IUENGINE       Shutting down
------------------------------------------------------------------------------------------------------
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Yes it is functioning correctly that last error is a normal occurrance.

D
0
 
bhupalkAuthor Commented:
OK. Thanks D.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 7
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now