WSUS Problems...

Posted on 2006-03-30
Medium Priority
Last Modified: 2010-04-18
WSUS does not seem to be updating the machines on our network on a regular basis and I need help configuring it to work properly.  Here is my existing configuration:

1.  WSUS is controlled by GPO; servers are set to #3, workstations are set to #4 and I have a separate OU for new builds set to #3.  All are set to every day.
2.  WSUS sees all the machines and there does not seem to be any problem with communication.
3.  WSUS is running on a server using MSDE (will transfer to SQL soon).
4.  I can see the patches that need to be applied to machines from day to day, but patches do not appear to be applied.  On one server the last patch applied was 3-2-2006, even though the server has been rebooted recently.  However, the WSUS last updated date is recent.

Here are my problems:

1.  How can I get WSUS to update machines on a regular basis?  I want to be able to control updates and apply them immediately if needed.
2.  What are all the relevant switches for wuauclt.exe (i.e. wuauclt /detectnow)?  What operating systems will wuauclt.exe work on (i.e. XP, 2000, etc.)?
3.  How can I tell if a patch is waiting for a restart to be applied?  How can I tell if it has been downloaded to a machine?
4.  I have tried to use wuauclt /detectnow on some of the clients in the separate OU I mentioned above but get no action I can see at the workstation.
5.  How do I get rid of the Unknown patches?  If I just set patches to install into each computer group, apparently WSUS will determine which client in which group needs the patch and ignore the rest?  I don't really need to set patches to install to certain groups?  How does this work exactly?
6.  If I need to apply a patch immediately, do I have to modify the GPO?  By this, I mean modify the GPO to a time just beyond the time (90 minutes?) it takes for all clients to update their GPO settings?
7.  What settings should I use to update my workstations once every day?

Question by:isd503
LVL 33

Accepted Solution

NJComputerNetworks earned 1000 total points
ID: 16334633
Check out these webcasts to get a better overall idea of how WSUS works: http://www.microsoft.com/windowsserversystem/updateservices/support/default.mspx

Author Comment

ID: 16336606
I understand how it works, I just need more details on the details...
LVL 48

Expert Comment

ID: 16338104
Hi isd503,

What is your current GPO config? Do you have a separate policy for your WSUS settings? What have you got configured so far?

Author Comment

ID: 16338391
This is the setting for the workstations.  I have a separate GPO for the workstations, one for the servers and one for new machines.

Administrative Templates

System/Internet Communication Management/Internet Communication settings
Turn off access to all Windows Update features: Enabled

Windows Components/Windows Update
Allow Automatic Updates immediate installation: Enabled
Allow non-administrators to receive update notifications: Enabled
Automatic Updates detection frequency: Enabled
  Check for updates at the following interval (hours): 22
Configure Automatic Updates: Enabled
  Configure automatic updating: 4 - Auto download and schedule the install
  The following settings are only required and applicable if 4 is selected.
  Scheduled install day: 0 - Every day
  Scheduled install time: 03:00
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box: Enabled
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box: Enabled
No auto-restart for scheduled Automatic Updates installations: Enabled
Re-prompt for restart with scheduled installations: Enabled
  Wait the following period before prompting again with a scheduled restart (minutes): 20
Reschedule Automatic Updates scheduled installations: Enabled
  Wait after system startup (minutes): 10
Specify intranet Microsoft update service location: Enabled
  Set the intranet update service for detecting updates: http://servername
  Set the intranet statistics server: http://servername
LVL 48

Expert Comment

ID: 16338422
Are the clients actually getting the policy?

Just run a gpresult on the client end for me to double check the policy actually hits.

Author Comment

ID: 16339192
It hits.  It's the detailed configuration I need help with.  The WSUS client test tool reports all is OK.
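
One way to confirm on a client that the workstation policy posted above has actually landed in the registry, and whether installed updates are waiting on a restart. This is an added example, not part of the thread; it assumes the standard Automatic Updates policy registry values, and http://servername is the thread's own placeholder.

```powershell
# Added example (not from the thread): compare the Windows Update policy
# values on this client with the workstation GPO posted above.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Expected values, read off the GPO report in the thread.
# http://servername is the thread's placeholder; substitute the real WSUS URL.
$expected = @(
    @{ Key = $wu; Name = 'WUServer';                      Value = 'http://servername' }
    @{ Key = $wu; Name = 'WUStatusServer';                Value = 'http://servername' }
    @{ Key = $wu; Name = 'ElevateNonAdmins';              Value = 1 }   # non-admin notifications
    @{ Key = $au; Name = 'UseWUServer';                   Value = 1 }
    @{ Key = $au; Name = 'NoAutoUpdate';                  Value = 0 }   # Configure Automatic Updates: Enabled
    @{ Key = $au; Name = 'AUOptions';                     Value = 4 }   # auto download, scheduled install
    @{ Key = $au; Name = 'ScheduledInstallDay';           Value = 0 }   # every day
    @{ Key = $au; Name = 'ScheduledInstallTime';          Value = 3 }   # 03:00
    @{ Key = $au; Name = 'DetectionFrequencyEnabled';     Value = 1 }
    @{ Key = $au; Name = 'DetectionFrequency';            Value = 22 }  # hours
    @{ Key = $au; Name = 'AutoInstallMinorUpdates';       Value = 1 }   # immediate installation
    @{ Key = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Value = 1 }
    @{ Key = $au; Name = 'RebootRelaunchTimeoutEnabled';  Value = 1 }
    @{ Key = $au; Name = 'RebootRelaunchTimeout';         Value = 20 }  # minutes
    @{ Key = $au; Name = 'RescheduleWaitTimeEnabled';     Value = 1 }
    @{ Key = $au; Name = 'RescheduleWaitTime';            Value = 10 }  # minutes after startup
)

foreach ($e in $expected) {
    # A missing key or value yields $null rather than an error.
    $actual = (Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    $state  = if ($null -eq $actual) { 'MISSING' }
              elseif ($actual -eq $e.Value) { 'OK' }
              else { 'DIFFERS' }
    '{0,-30} expected={1,-18} actual={2,-18} {3}' -f $e.Name, $e.Value, $actual, $state
}

# The Automatic Updates client creates this key when an installed update
# still needs a restart to finish; it is removed after the reboot.
$reboot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
"Restart pending for installed updates: $(Test-Path $reboot)"
```

A client that shows every value as OK but still reports a pending restart has received the policy and installed updates; with "No auto-restart" enabled it will stay in that state until someone restarts it.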

Question has a verified solution.
