WSUS Problems...

Posted on 2006-03-30
Last Modified: 2010-04-18
WSUS does not seem to be updating the machines on our network on a regular basis and I need help configuring it to work properly.  Here is my existing configuration:

1.  WSUS is controlled by GPO; servers are set to #3, workstations are set to #4 and I have a separate OU for new builds set to #3.  All are set to every day.
2.  WSUS sees all the machines and there does not seem to be any problem with communication.
3.  WSUS is running on a server using MSDE (will transfer to SQL soon).
4.  I can see the patches that need to be applied to machines from day to day, but patches do not appear to be applied.  On one server the last patch applied was 3-2-2006, even though the server has been rebooted recently.  However, the WSUS last updated date is recent.

Here are my problems:

1.  How can I get WSUS to update machines on a regular basis?  I want to be able to control updates and apply them immediately if needed.
2.  What are all the relevant switches for wuauclt.exe (i.e. wuauclt /detectnow)?  What operating systems will wuauclt.exe work on (i.e. XP, 2000, etc.)?
3.  How can I tell if a patch is waiting for a restart to be applied?  How can I tell if it has been downloaded to a machine?
4.  I have tried to use wuauclt /detectnow on some of the clients in the separate OU I mentioned above but get no action I can see at the workstation.
5.  How do I get rid of the Unknown patches?  If I just set patches to install into each computer group, apparently WSUS will determine which client in which group needs the patch and ignore the rest?  I don't really need to set patches to install to certain groups?  How does this work exactly?
6.  If I need to apply a patch immediately, do I have to modify the GPO?  By this, I mean modify the GPO to a time just beyond the time (90 minutes?) it takes for all clients to update their GPO settings?
7.  What settings should I use to update my workstations once every day?

Question by:isd503
    LVL 33

    Accepted Solution

    Check out these webcasts to get a better overall idea of how WSUS works....:
    LVL 3

    Author Comment

    I understand how it works, I just need more details on the details...
    LVL 48

    Expert Comment

    Hi isd503,

    What is your current GPO config? Do you have a separate policy for your WSUS settings? What have you got configured so far?

    LVL 3

    Author Comment

    This is the setting for the workstations.  I have a separate GPO for the workstations, one for the servers and one for new machines.

    Administrative Templates

    System/Internet Communication Management/Internet Communication settings
        Turn off access to all Windows Update features: Enabled

    Windows Components/Windows Update
        Allow Automatic Updates immediate installation: Enabled
        Allow non-administrators to receive update notifications: Enabled
        Automatic Updates detection frequency: Enabled
            Check for updates at the following interval (hours): 22
        Configure Automatic Updates: Enabled
            Configure automatic updating: 4 - Auto download and schedule the install
            The following settings are only required and applicable if 4 is selected.
            Scheduled install day: 0 - Every day
            Scheduled install time: 03:00
        Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box: Enabled
        Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box: Enabled
        No auto-restart for scheduled Automatic Updates installations: Enabled
        Re-prompt for restart with scheduled installations: Enabled
            Wait the following period before prompting again with a scheduled restart (minutes): 20
        Reschedule Automatic Updates scheduled installations: Enabled
            Wait after system startup (minutes): 10
        Specify intranet Microsoft update service location: Enabled
            Set the intranet update service for detecting updates: http://servername
            Set the intranet statistics server: http://servername
    LVL 48

    Expert Comment

    Are the clients actually getting the policy?

    Just run a gpresult on the client end for me to double check the policy actually hits.
    LVL 3

    Author Comment

    It hits.  It's the detailed configuration I need help with.  The WSUS client test tool reports all is OK.
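
A complement to the gpresult check discussed above, added here as an example and not part of the original thread: a PowerShell script that reads the Windows Update policy values on a client and compares them with the workstation GPO posted earlier. The registry value names are the standard ones these policies write and are not taken from the posts; `http://servername` is the placeholder from the post, and `Test-WsusPolicy` is a hypothetical helper name.

```powershell
# Added example: compare a client's effective Windows Update policy (registry)
# with the workstation GPO values quoted in the thread.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Expected values taken from the posted workstation GPO. "http://servername"
# is the placeholder used in the post; substitute the real WSUS URL.
$expected = @(
    @{ Path = $wu; Name = 'WUServer';                      Value = 'http://servername' }
    @{ Path = $wu; Name = 'WUStatusServer';                Value = 'http://servername' }
    @{ Path = $au; Name = 'UseWUServer';                   Value = 1 }
    @{ Path = $au; Name = 'AUOptions';                     Value = 4 }   # auto download, scheduled install
    @{ Path = $au; Name = 'ScheduledInstallDay';           Value = 0 }   # every day
    @{ Path = $au; Name = 'ScheduledInstallTime';          Value = 3 }   # 03:00
    @{ Path = $au; Name = 'DetectionFrequencyEnabled';     Value = 1 }
    @{ Path = $au; Name = 'DetectionFrequency';            Value = 22 }  # hours
    @{ Path = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Value = 1 }
    @{ Path = $au; Name = 'AutoInstallMinorUpdates';       Value = 1 }   # immediate installation
    @{ Path = $au; Name = 'RescheduleWaitTime';            Value = 10 }  # minutes after startup
    @{ Path = $au; Name = 'RebootRelaunchTimeout';         Value = 20 }  # minutes between restart prompts
)

function Test-WsusPolicy {
    param([object[]]$Expected)
    foreach ($item in $Expected) {
        $actual = $null
        # A missing key or value means the policy setting never reached this client.
        $key = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
        if ($key) { $actual = $key.($item.Name) }
        [pscustomobject]@{
            Name     = $item.Name
            Expected = $item.Value
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            Match    = ($null -ne $actual) -and ("$actual" -eq "$($item.Value)")
        }
    }
}

Test-WsusPolicy -Expected $expected | Format-Table -AutoSize
```

Any row with `Match` set to `False` identifies a setting where the client's effective policy differs from the GPO as posted.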
