?
Solved

SUS trouble...

Posted on 2005-03-17
8
Medium Priority
?
235 Views
Last Modified: 2013-12-04
Hi All,

Sorry if this question is not at the right place...

I have a strange problem with SUS. It used to work fine for about
4 months, this week I realised that the list of pathes has disapeared
when I click on "Approve updates"
I tried a manual synchronization to MS site... Just in case. Anyway, I
should see all the previous approved and not approved patches.

Is there anybody that had the same experience ?

Thks
WW
0
Comment
Question by:wwalschaerts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 13564625
no but dump SUS now and put in WUS I did this the other week when SUS fell over :)

Installing Windows Update Services

WUS needs to be on a server running IIS, it will need about 2-3Gb spare hard drive space to hold the updates, it also needs a few things installed before you can run it,

1. A database server either SQL or MSDE (MSDE is free and you can download it from Microsoft)
http://www.microsoft.com/sql/msde/downloads/default.asp NOTE I've seen papers that say it will install MSDE during the install process, but every time I tried it wouldn't start until the database service was already there.

2. Bits (Background intelligent Transfer service) Version 2
http://support.microsoft.com/default.aspx?kbid=842773

3. .Net Framework package (get this by simply doing a routine update at http://v4.windowsupdate.microsoft.com/ )


Now you need to download the WUS installer (about 79Mb) http://www.microsoft.com/windowsserversystem/wus/trial.mspx

Download and run it (WUSSetup.exe)

At the welcome screen click next
Ensure the box is ticked and check the location where you want to hold the updates (c:\wus is the default though you can choose another volume if you want to)
Next is the database bit, if you managed to get this far without installing SQL or MSDE then your doing better than I did and can tick the default (Install SQL server Desktop Engine) or like me you can choose the other option of "Use existing database" - Click Next
The following few pages set up the connection to SQL or MSDE
Now it wants to create a website choose "Create a Windows Update Services Website" Click Next
At the summary click next
When its done click finish.

Now open a WUSAdmin session, launch internet explorer and go to
http://<your_server_name_>:8530/Wusadmin/

Click Options (Top right)
Click Synchronisation options
The top box "Schedule" lets you set up when you want the server to synchronise with Microsoft - for now leave it on synchronise manually
The next box down "Products and Classifications" you will see two Change buttons - Press the one under Products

Remember WUS does things other than windows so pick the correct options for your network

When you’ve done click OK

Now click the other change button under "Update Classifications" again tick what you want - Note Service packs is NOT selected by default!

When you’re done click OK


Scroll to the bottom of the page and click the "advanced" button (under update files and languages)

Ensure Store Files locally on this server is ticked
and tick "download only when updates are approved" <-- this is much better than the old SUS that used to download everything :)
Unless you use a lot of languages then tick the box that says "Download only the updates that match the locale of this server (English)" Again this is better than SUS that downloaded the same thing in 30 languages.

When you’re done click OK

Finally Pay attention to the Proxy settings (you need HTTP and HTTPS) out for it to work, if you need to authenticate then give it a username and password to get out under.

NB If you’re using ISA as a proxy you might need to change the port number to 8080 or it may fail (took me 15 mins to work that out)

If it doesn’t save the settings automatically - click save settings.

Click Synchronise now - look down and make sure you see the current state say running (percent) and make sure it is running, this is going to take a while so time for a coffee and a sandwich..............

.........All done? remember your still set to manual so scroll to the top of the page and set "Synchronise daily at <time>" and make sure that ticked. (don't forget to save settings again)

OK now you need it to start seeing the clients before you do anything else...........



------------Now you need to configure the client PC's---------------

You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Domain Policy.

1. If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default Domain Policy" and click Edit.

3. Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn’t no good if all your PC's are shut down at that time (set it to 1400)

5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://<your_server_name>:8530). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.

6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

7. Click OK exit the policy editor, you can force the policy to take effect, by clicking..

XP and server 2003: Start > run > gpupdate {enter}
2000: Start > run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE  

You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"

----------------------------------------------------------------------

Now I suggest you create some groups – I’m my case I create a "Live" Group and a "Test" Group that way I can test the updates on a few PC's (The ones in my office) before I fire them at everyone.

Click Computers > Create a Computer Group
Select the PC's you want in that group (usual multi-select rules apply) - (It may take a while for it to find computers don’t worry)
Click "Move the selected computer"
From the drop down select the group you want to move to > click OK

----------------------------------------------------------------------


While you are waiting for population to occur click the UPDATES button.
By default it displays "Critical and security updates" remember there’s a different tab called "All Updates" select this one!

Firstly everything is set to "Detect Only" you need to select the updates you want to "Farm out" then click "Change approval" I know there are millions of them but you can do lots at a time by multiple selecting them. and change then to install (Note if you find one breaks something toy can set it to "Remove")

SET THE OPTIONS DEPENDING ON WHAT GROUP YOU WANT TO DEPLOY THE UPDATES TO

WARNING - I didn’t write the updates, Microsoft did, if you approve something that breaks your clients then moan at them not me.

----------------------------------------------------------------------


By this time your database should have started populating (It can take a few days) Click Computers
you can move the computers from "unassigned" to the groups you set up earlier.


*****Possible Problems*****
1. Update client wont update - one of the first things your clients do is try to update the update client - this may fail if it does go to the WUS server and run

c:\Program Files\Microsoft Windows Update Services\Setup

and Run installselfupdateonport80.vbs

2. Clients wont import or partially import - On the WUS server open administrative tools > Internet Information Services Manager > locate the "WUS Administration" Website > right click > Properties > "web Site" > change the TCP Port from 8530 to 80

3. Also make sure "Authenticated Users" have permissions to the C:\WUS directory on the server.
0
 

Author Comment

by:wwalschaerts
ID: 13564684
This is very interesting but we can't use WUS yet. I have french
systems and french WUS is not yet ready.

Thks anyway,
WW
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 13566357
English WUS will deploy French updates?
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 

Author Comment

by:wwalschaerts
ID: 13566807
Not at all.... I would like to but I have to wait for a french WUS
 version.
That's why I am still using SUS.
WW
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 13566871
OK Its just I has to turn off the the french - german - etc updates as WUS pulls everything in :)
0
 

Author Comment

by:wwalschaerts
ID: 13621256
Well... As I don't see any option to close this question, here is
what I finally did :

I did a copy of SUS folder,
do a SUS repair
copy the content of the old SUS folder to the new one.

Regards,
WW
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 14239688
PAQed with points (125) refunded

DarthMod
Community Support Moderator
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question