bhupalk
asked on
Clients not finding SUS Server
I setup SUS sp1 on a win2k3 secondary domain controller. when I connect to http://suserver/susadmin, it prompts with AD login details and admin page loads fine when I login as domain administrator. But I can't login as a normal user. Can I not have the prompt? I checked anynomous login in IIS and it's enabled.
When I enter http://suserver, I receive 'site is under construction'. Is this normal? Do I see a list of updates available at this point?
how do I know the setup is correct and then I can setup clients to get update from this sus server? I have AD domain but not used by most of my users. I am using registry settings to implement client update.
Please advise.
thanks,
Bhupal
When I enter http://suserver, I receive 'site is under construction'. Is this normal? Do I see a list of updates available at this point?
how do I know the setup is correct and then I can setup clients to get update from this sus server? I have AD domain but not used by most of my users. I am using registry settings to implement client update.
Please advise.
thanks,
Bhupal
John Gates, CISSP, CDPSE
Is the server a member of your active directory domain?
ASKER
yes it is. This is the backup domain controller.
well the best thing to do is to have all the machines as domain members.
THe under construction page is normal for the sus installation http://servername/susadmin is where you go to admisiter the server.
D
D
ASKER
thanks Dimante.
however, why do I get the login prompt though when I go to http://servername/susadmin? I have to login using domain administrator account.
also I am testing client update using my PC but it does not go to the sus server although I have registry settings applied.
thanks,
Bhupal
however, why do I get the login prompt though when I go to http://servername/susadmin? I have to login using domain administrator account.
also I am testing client update using my PC but it does not go to the sus server although I have registry settings applied.
thanks,
Bhupal
Have you looked at your %systemroot%\Windows Update.log to prove that?
You should see entries like the following:
2004-08-15 13:23:23 18:23:23 Success IUENGINE Determining machine configuration
2004-08-15 13:23:24 18:23:24 Success IUENGINE Querying software update catalog from https://v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp
2004-08-15 13:23:24 18:23:24 Success IUENGINE Determining machine configuration
2004-08-15 13:23:24 18:23:24 Success IUENGINE Querying software update catalog from https://v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp
Instead of v4.windowsupdate.micrsoft.
http://www.susserver.com/FAQs/FAQ-IsYourSUSServerWorking.asp
It is a great resource and should help also.
Let me know if I can assist further!
D
You should see entries like the following:
2004-08-15 13:23:23 18:23:23 Success IUENGINE Determining machine configuration
2004-08-15 13:23:24 18:23:24 Success IUENGINE Querying software update catalog from https://v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp
2004-08-15 13:23:24 18:23:24 Success IUENGINE Determining machine configuration
2004-08-15 13:23:24 18:23:24 Success IUENGINE Querying software update catalog from https://v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp
Instead of v4.windowsupdate.micrsoft.
http://www.susserver.com/FAQs/FAQ-IsYourSUSServerWorking.asp
It is a great resource and should help also.
Let me know if I can assist further!
D
I forgot to add it may show your server name instead of IP also depending on how you set up the template on the clients.
D
D
You aren't using SUS correctly. It is not an internal Windows Update server - but an internal server for the clients to use for Automatic updates.
Clients do not log in to the SUS web site - only administrators login to the web site to approve updates.
What you need to do is configure the clients to point at the SUS web site for automatic updates. There are a couple of ways to do this, Group Policy or manual registry edits. There are also a couple of utilities around that can make the machines look to a certain server - you will find these on the susserver.com web site.
SUS will allow any machine to connect to it - the machines do not have to be members of the same domain. They just need to be able to find the SUS server in DNS and the registry enties made.
I have an SUS server in the workshop. When I rebuild client's machines I will point them to my own SUS server to get updates using the "nwsusutil.exe". This utility resets the automatic updates registry entries to the default after a reboot.
Simon.
Clients do not log in to the SUS web site - only administrators login to the web site to approve updates.
What you need to do is configure the clients to point at the SUS web site for automatic updates. There are a couple of ways to do this, Group Policy or manual registry edits. There are also a couple of utilities around that can make the machines look to a certain server - you will find these on the susserver.com web site.
SUS will allow any machine to connect to it - the machines do not have to be members of the same domain. They just need to be able to find the SUS server in DNS and the registry enties made.
I have an SUS server in the workshop. When I rebuild client's machines I will point them to my own SUS server to get updates using the "nwsusutil.exe". This utility resets the automatic updates registry entries to the default after a reboot.
Simon.
Actually that is not entirely correct..... Also WUS is what the new version is going to be called when it comes out and it can be an internal windows update server.
D
D
WUS is a product currently undevelopment and most people will not see it before its release next year. As well as being a internal Windows Update server it should also be able to update Office and other MS applications - not before time.
Other than that, "dimante", what else is "not entirely correct" about what I have written above?
Simon.
Other than that, "dimante", what else is "not entirely correct" about what I have written above?
Simon.
ASKER
Thanks to both of you. I am using the tool mentioned by Sembee and I am getting some logs on the windows update.log file.
so if I used windows update option from windows, it seems to go to microsoft.com update site. I will do more testing using this tool and see what happens. Now I am getting this. I am assuming there nothing to download. I will check on another PC.
Does this mean it's working?
also do I need to run the tool on all PCs?
I made the registry changes manually but that was not working until I ran this tool.
--------------------------
2004-10-04 10:20:03 00:20:03 Success IUENGINE Starting
2004-10-04 10:20:03 00:20:03 Success IUENGINE Determining machine configuration
2004-10-04 10:20:04 00:20:04 Success IUENGINE Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:04 00:20:04 Success IUENGINE Determining machine configuration
2004-10-04 10:20:04 00:20:04 Success IUENGINE Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:04 00:20:04 Success IUENGINE Determining machine configuration
2004-10-04 10:20:04 00:20:04 Success IUENGINE Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:05 00:20:05 Success IUENGINE Determining machine configuration
2004-10-04 10:20:05 00:20:05 Error IUENGINE Querying software update catalog from http://10.3.0.80/autoupdatedrivers/getmanifest.asp (Error 0x80190194)
2004-10-04 10:20:05 00:20:05 Success IUENGINE Shutting down
--------------------------
so if I used windows update option from windows, it seems to go to microsoft.com update site. I will do more testing using this tool and see what happens. Now I am getting this. I am assuming there nothing to download. I will check on another PC.
Does this mean it's working?
also do I need to run the tool on all PCs?
I made the registry changes manually but that was not working until I ran this tool.
--------------------------
2004-10-04 10:20:03 00:20:03 Success IUENGINE Starting
2004-10-04 10:20:03 00:20:03 Success IUENGINE Determining machine configuration
2004-10-04 10:20:04 00:20:04 Success IUENGINE Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:04 00:20:04 Success IUENGINE Determining machine configuration
2004-10-04 10:20:04 00:20:04 Success IUENGINE Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:04 00:20:04 Success IUENGINE Determining machine configuration
2004-10-04 10:20:04 00:20:04 Success IUENGINE Querying software update catalog from http://10.3.0.80/autoupdate/getmanifest.asp
2004-10-04 10:20:05 00:20:05 Success IUENGINE Determining machine configuration
2004-10-04 10:20:05 00:20:05 Error IUENGINE Querying software update catalog from http://10.3.0.80/autoupdatedrivers/getmanifest.asp (Error 0x80190194)
2004-10-04 10:20:05 00:20:05 Success IUENGINE Shutting down
--------------------------
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK. Thanks D.