Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


SUS trouble...

Posted on 2005-03-17
Medium Priority
Last Modified: 2013-12-04
Hi All,

Sorry if this question is not at the right place...

I have a strange problem with SUS. It used to work fine for about
4 months, this week I realised that the list of pathes has disapeared
when I click on "Approve updates"
I tried a manual synchronization to MS site... Just in case. Anyway, I
should see all the previous approved and not approved patches.

Is there anybody that had the same experience ?

Question by:wwalschaerts
  • 3
  • 3
LVL 58

Expert Comment

by:Pete Long
ID: 13564625
no but dump SUS now and put in WUS I did this the other week when SUS fell over :)

Installing Windows Update Services

WUS needs to be on a server running IIS, it will need about 2-3Gb spare hard drive space to hold the updates, it also needs a few things installed before you can run it,

1. A database server either SQL or MSDE (MSDE is free and you can download it from Microsoft)
http://www.microsoft.com/sql/msde/downloads/default.asp NOTE I've seen papers that say it will install MSDE during the install process, but every time I tried it wouldn't start until the database service was already there.

2. Bits (Background intelligent Transfer service) Version 2

3. .Net Framework package (get this by simply doing a routine update at http://v4.windowsupdate.microsoft.com/ )

Now you need to download the WUS installer (about 79Mb) http://www.microsoft.com/windowsserversystem/wus/trial.mspx

Download and run it (WUSSetup.exe)

At the welcome screen click next
Ensure the box is ticked and check the location where you want to hold the updates (c:\wus is the default though you can choose another volume if you want to)
Next is the database bit, if you managed to get this far without installing SQL or MSDE then your doing better than I did and can tick the default (Install SQL server Desktop Engine) or like me you can choose the other option of "Use existing database" - Click Next
The following few pages set up the connection to SQL or MSDE
Now it wants to create a website choose "Create a Windows Update Services Website" Click Next
At the summary click next
When its done click finish.

Now open a WUSAdmin session, launch internet explorer and go to

Click Options (Top right)
Click Synchronisation options
The top box "Schedule" lets you set up when you want the server to synchronise with Microsoft - for now leave it on synchronise manually
The next box down "Products and Classifications" you will see two Change buttons - Press the one under Products

Remember WUS does things other than windows so pick the correct options for your network

When you’ve done click OK

Now click the other change button under "Update Classifications" again tick what you want - Note Service packs is NOT selected by default!

When you’re done click OK

Scroll to the bottom of the page and click the "advanced" button (under update files and languages)

Ensure Store Files locally on this server is ticked
and tick "download only when updates are approved" <-- this is much better than the old SUS that used to download everything :)
Unless you use a lot of languages then tick the box that says "Download only the updates that match the locale of this server (English)" Again this is better than SUS that downloaded the same thing in 30 languages.

When you’re done click OK

Finally Pay attention to the Proxy settings (you need HTTP and HTTPS) out for it to work, if you need to authenticate then give it a username and password to get out under.

NB If you’re using ISA as a proxy you might need to change the port number to 8080 or it may fail (took me 15 mins to work that out)

If it doesn’t save the settings automatically - click save settings.

Click Synchronise now - look down and make sure you see the current state say running (percent) and make sure it is running, this is going to take a while so time for a coffee and a sandwich..............

.........All done? remember your still set to manual so scroll to the top of the page and set "Synchronise daily at <time>" and make sure that ticked. (don't forget to save settings again)

OK now you need it to start seeing the clients before you do anything else...........

------------Now you need to configure the client PC's---------------

You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Domain Policy.

1. If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default Domain Policy" and click Edit.

3. Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn’t no good if all your PC's are shut down at that time (set it to 1400)

5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://<your_server_name>:8530). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.

6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

7. Click OK exit the policy editor, you can force the policy to take effect, by clicking..

XP and server 2003: Start > run > gpupdate {enter}

You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"


Now I suggest you create some groups – I’m my case I create a "Live" Group and a "Test" Group that way I can test the updates on a few PC's (The ones in my office) before I fire them at everyone.

Click Computers > Create a Computer Group
Select the PC's you want in that group (usual multi-select rules apply) - (It may take a while for it to find computers don’t worry)
Click "Move the selected computer"
From the drop down select the group you want to move to > click OK


While you are waiting for population to occur click the UPDATES button.
By default it displays "Critical and security updates" remember there’s a different tab called "All Updates" select this one!

Firstly everything is set to "Detect Only" you need to select the updates you want to "Farm out" then click "Change approval" I know there are millions of them but you can do lots at a time by multiple selecting them. and change then to install (Note if you find one breaks something toy can set it to "Remove")


WARNING - I didn’t write the updates, Microsoft did, if you approve something that breaks your clients then moan at them not me.


By this time your database should have started populating (It can take a few days) Click Computers
you can move the computers from "unassigned" to the groups you set up earlier.

*****Possible Problems*****
1. Update client wont update - one of the first things your clients do is try to update the update client - this may fail if it does go to the WUS server and run

c:\Program Files\Microsoft Windows Update Services\Setup

and Run installselfupdateonport80.vbs

2. Clients wont import or partially import - On the WUS server open administrative tools > Internet Information Services Manager > locate the "WUS Administration" Website > right click > Properties > "web Site" > change the TCP Port from 8530 to 80

3. Also make sure "Authenticated Users" have permissions to the C:\WUS directory on the server.

Author Comment

ID: 13564684
This is very interesting but we can't use WUS yet. I have french
systems and french WUS is not yet ready.

Thks anyway,
LVL 58

Expert Comment

by:Pete Long
ID: 13566357
English WUS will deploy French updates?
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 13566807
Not at all.... I would like to but I have to wait for a french WUS
That's why I am still using SUS.
LVL 58

Expert Comment

by:Pete Long
ID: 13566871
OK Its just I has to turn off the the french - german - etc updates as WUS pulls everything in :)

Author Comment

ID: 13621256
Well... As I don't see any option to close this question, here is
what I finally did :

I did a copy of SUS folder,
do a SUS repair
copy the content of the old SUS folder to the new one.


Accepted Solution

DarthMod earned 0 total points
ID: 14239688
PAQed with points (125) refunded

Community Support Moderator

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question