SUS trouble...

Hi All,

Sorry if this question is not at the right place...

I have a strange problem with SUS. It used to work fine for about
4 months, this week I realised that the list of pathes has disapeared
when I click on "Approve updates"
I tried a manual synchronization to MS site... Just in case. Anyway, I
should see all the previous approved and not approved patches.

Is there anybody that had the same experience ?

Thks
WW
wwalschaertsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
no but dump SUS now and put in WUS I did this the other week when SUS fell over :)

Installing Windows Update Services

WUS needs to be on a server running IIS, it will need about 2-3Gb spare hard drive space to hold the updates, it also needs a few things installed before you can run it,

1. A database server either SQL or MSDE (MSDE is free and you can download it from Microsoft)
http://www.microsoft.com/sql/msde/downloads/default.asp NOTE I've seen papers that say it will install MSDE during the install process, but every time I tried it wouldn't start until the database service was already there.

2. Bits (Background intelligent Transfer service) Version 2
http://support.microsoft.com/default.aspx?kbid=842773

3. .Net Framework package (get this by simply doing a routine update at http://v4.windowsupdate.microsoft.com/ )


Now you need to download the WUS installer (about 79Mb) http://www.microsoft.com/windowsserversystem/wus/trial.mspx

Download and run it (WUSSetup.exe)

At the welcome screen click next
Ensure the box is ticked and check the location where you want to hold the updates (c:\wus is the default though you can choose another volume if you want to)
Next is the database bit, if you managed to get this far without installing SQL or MSDE then your doing better than I did and can tick the default (Install SQL server Desktop Engine) or like me you can choose the other option of "Use existing database" - Click Next
The following few pages set up the connection to SQL or MSDE
Now it wants to create a website choose "Create a Windows Update Services Website" Click Next
At the summary click next
When its done click finish.

Now open a WUSAdmin session, launch internet explorer and go to
http://<your_server_name_>:8530/Wusadmin/

Click Options (Top right)
Click Synchronisation options
The top box "Schedule" lets you set up when you want the server to synchronise with Microsoft - for now leave it on synchronise manually
The next box down "Products and Classifications" you will see two Change buttons - Press the one under Products

Remember WUS does things other than windows so pick the correct options for your network

When you’ve done click OK

Now click the other change button under "Update Classifications" again tick what you want - Note Service packs is NOT selected by default!

When you’re done click OK


Scroll to the bottom of the page and click the "advanced" button (under update files and languages)

Ensure Store Files locally on this server is ticked
and tick "download only when updates are approved" <-- this is much better than the old SUS that used to download everything :)
Unless you use a lot of languages then tick the box that says "Download only the updates that match the locale of this server (English)" Again this is better than SUS that downloaded the same thing in 30 languages.

When you’re done click OK

Finally Pay attention to the Proxy settings (you need HTTP and HTTPS) out for it to work, if you need to authenticate then give it a username and password to get out under.

NB If you’re using ISA as a proxy you might need to change the port number to 8080 or it may fail (took me 15 mins to work that out)

If it doesn’t save the settings automatically - click save settings.

Click Synchronise now - look down and make sure you see the current state say running (percent) and make sure it is running, this is going to take a while so time for a coffee and a sandwich..............

.........All done? remember your still set to manual so scroll to the top of the page and set "Synchronise daily at <time>" and make sure that ticked. (don't forget to save settings again)

OK now you need it to start seeing the clients before you do anything else...........



------------Now you need to configure the client PC's---------------

You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Domain Policy.

1. If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default Domain Policy" and click Edit.

3. Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn’t no good if all your PC's are shut down at that time (set it to 1400)

5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://<your_server_name>:8530). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.

6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

7. Click OK exit the policy editor, you can force the policy to take effect, by clicking..

XP and server 2003: Start > run > gpupdate {enter}
2000: Start > run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE  

You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"

----------------------------------------------------------------------

Now I suggest you create some groups – I’m my case I create a "Live" Group and a "Test" Group that way I can test the updates on a few PC's (The ones in my office) before I fire them at everyone.

Click Computers > Create a Computer Group
Select the PC's you want in that group (usual multi-select rules apply) - (It may take a while for it to find computers don’t worry)
Click "Move the selected computer"
From the drop down select the group you want to move to > click OK

----------------------------------------------------------------------


While you are waiting for population to occur click the UPDATES button.
By default it displays "Critical and security updates" remember there’s a different tab called "All Updates" select this one!

Firstly everything is set to "Detect Only" you need to select the updates you want to "Farm out" then click "Change approval" I know there are millions of them but you can do lots at a time by multiple selecting them. and change then to install (Note if you find one breaks something toy can set it to "Remove")

SET THE OPTIONS DEPENDING ON WHAT GROUP YOU WANT TO DEPLOY THE UPDATES TO

WARNING - I didn’t write the updates, Microsoft did, if you approve something that breaks your clients then moan at them not me.

----------------------------------------------------------------------


By this time your database should have started populating (It can take a few days) Click Computers
you can move the computers from "unassigned" to the groups you set up earlier.


*****Possible Problems*****
1. Update client wont update - one of the first things your clients do is try to update the update client - this may fail if it does go to the WUS server and run

c:\Program Files\Microsoft Windows Update Services\Setup

and Run installselfupdateonport80.vbs

2. Clients wont import or partially import - On the WUS server open administrative tools > Internet Information Services Manager > locate the "WUS Administration" Website > right click > Properties > "web Site" > change the TCP Port from 8530 to 80

3. Also make sure "Authenticated Users" have permissions to the C:\WUS directory on the server.
0
wwalschaertsAuthor Commented:
This is very interesting but we can't use WUS yet. I have french
systems and french WUS is not yet ready.

Thks anyway,
WW
0
Pete LongTechnical ConsultantCommented:
English WUS will deploy French updates?
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

wwalschaertsAuthor Commented:
Not at all.... I would like to but I have to wait for a french WUS
 version.
That's why I am still using SUS.
WW
0
Pete LongTechnical ConsultantCommented:
OK Its just I has to turn off the the french - german - etc updates as WUS pulls everything in :)
0
wwalschaertsAuthor Commented:
Well... As I don't see any option to close this question, here is
what I finally did :

I did a copy of SUS folder,
do a SUS repair
copy the content of the old SUS folder to the new one.

Regards,
WW
0
DarthModCommented:
PAQed with points (125) refunded

DarthMod
Community Support Moderator
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.