WSUS is not automatically installing updates.  Still asking for manual install.

Posted on 2006-04-12
Last Modified: 2010-05-18
WSUS server is set up with the following:
    All computers are in a group called "WSUS Computers"
    "WSUS Computers" is linked to the "mydomain.local" in a GPO named "WSUS Nodes."
    In the WSUS Nodes GPO I have the following enabled:
        Allow Automatic Updates Immediate Installation: Enabled
        Configure Automatic Updates: Enabled
            Configure Automatic updating: 4 - Auto Download and schedule the install
            Schedule install day: 0 - Every day
            Scheduled install time: 21:00
        Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box: Enabled
        Specify intranet Microsoft update service location: Enabled
            Set the intranet update service for detecting: http://MyServer
            Set the intranet statistics server: http://MyServer

When updates get sent from the server, some computers get a little green shield in the system tray that says that this computer has received updates.  That is what I am looking for on all of the computers.  However, other computers get the yellow shield with the black exclamation point on it that says updates have been downloaded and are ready to install.  The users then have to select update.  When I look at the update settings on an individual computer, they are grayed out and set to update automatically every day at 9:00pm.  I do not want them to have to bother with the updates.

One other thing; I do not know if it is important.  In the event log, there are several entries that look like this:

Source: Windows Server Update services
Catagory: Update Server services
Event ID: 503
The Windows Server Update Services Server experienced an error while attempting to write to the log file.
1768.3886  <===== (This is different on all of the event log entries.)
System.UnauthorizedAccessException: Access to the path "C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log" is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String str)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, Boolean useAsync, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.UpdateServices.Internal.TraceLogger.OpenFile()
   at Microsoft.UpdateServices.Internal.TraceLogger.WriteLine(String message)

For more information, see Help and Support Center at
(Of course when you hit the link it says there is no more information on this error.)

How do I get all of the computers to automatically install all of the updates I tell them to without the need for user intervention? Could the SUS be having difficulty accessing the log file so it doesn't complete the install?  If so, where do I give SUS permission to access the "Update Services" directory?  Or is this a totally unrelated issue?
Question by:tjmichael
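
To see whether a client that still shows the yellow shield actually received the "WSUS Nodes" GPO settings listed in the question, the following added example (not part of the original thread) reads the Windows Update policy values from the client's registry and compares them with those settings. It assumes PowerShell is available on the client; the expected values are copied from the question.

```powershell
# Added example: run on a client, compares applied Windows Update policy
# values with the settings configured in the "WSUS Nodes" GPO.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

# Expected values, taken from the GPO settings listed in the question.
$expected = @(
    @{ Key = $wuKey; Name = 'WUServer';                    Value = 'http://MyServer' }
    @{ Key = $wuKey; Name = 'WUStatusServer';              Value = 'http://MyServer' }
    @{ Key = $auKey; Name = 'UseWUServer';                 Value = 1 }
    @{ Key = $auKey; Name = 'NoAutoUpdate';                Value = 0 }   # 0 = Configure Automatic Updates enabled
    @{ Key = $auKey; Name = 'AUOptions';                   Value = 4 }   # 4 = auto download and schedule the install
    @{ Key = $auKey; Name = 'ScheduledInstallDay';         Value = 0 }   # 0 = every day
    @{ Key = $auKey; Name = 'ScheduledInstallTime';        Value = 21 }  # hour of day, 21 = 21:00
    @{ Key = $auKey; Name = 'AutoInstallMinorUpdates';     Value = 1 }   # immediate installation
    @{ Key = $auKey; Name = 'NoAUAsDefaultShutdownOption'; Value = 1 }
)

$report = foreach ($item in $expected) {
    # A missing key or value means the policy never reached this client.
    $props  = Get-ItemProperty -Path $item.Key -Name $item.Name -ErrorAction SilentlyContinue
    $actual = if ($props) { $props.($item.Name) } else { $null }

    $status = if ($null -eq $actual)                    { 'MISSING' }
              elseif ("$actual" -eq "$($item.Value)")   { 'OK' }
              else                                      { 'MISMATCH' }

    [pscustomobject]@{
        Setting  = $item.Name
        Expected = $item.Value
        Actual   = $actual
        Status   = $status
    }
}

$report | Format-Table -AutoSize

# Summarize anything that differs from the GPO so it can be followed up.
$bad = @($report | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) setting(s) differ from the GPO; check that the GPO applies to this computer."
}
```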

    Expert Comment

    Are your computers logged in and turned on at 9pm?  Most of the updates won't install unless they are logged in.  I would change the time to either just after they get in or just before they leave.  Here is a copy of my policy; it installs the updates as they log off on Thursday evening:

    Policy: Setting
    Allow Automatic Updates immediate installation: Enabled
    Configure Automatic Updates: Enabled
        Configure automatic updating: 4 - Auto download and schedule the install
        (The following settings are only required and applicable if 4 is selected.)
        Scheduled install day: 5 - Every Thursday
        Scheduled install time: 16:00
    Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box: Disabled
    No auto-restart for scheduled Automatic Updates installations: Enabled
    Specify intranet Microsoft update service location: Enabled
        Set the intranet update service for detecting updates: http://server:8530
        Set the intranet statistics server: http://server:8530

    Author Comment

    It looks the same as mine except for the "No auto-restart for scheduled..."

    Yes, all of the users are asked to not shut down at night when they leave.  They are to restart their computers and turn off the monitor.  (I also run the anti-virus scan at night as well but at a different time).

    Expert Comment

    The 503 error is probably separate. Here is what you can do to fix it:

    1.  Check ownership and permissions on the following file/folder -
    ---- C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log
    ---- Check to see if WSUS administrators have access to folder/file
    ---- Take ownership then set the folder to inherit permissions.

    2.  Check the size of the SoftwareDistribution log file; it should be 20 MB or less.  If it's bigger, delete it and restart the WSUS services.
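
The two checks in the comment above can be done read-only before changing anything. This is an added example, not part of the original thread: it reports owner, inheritance and access entries for the log folder and file, and the file size against the 20 MB figure. The group name "WSUS Administrators" is taken from the comment; run it on the WSUS server from an elevated prompt.

```powershell
# Added example: read-only inspection of the log file named in the
# Event ID 503 message. Nothing is modified or deleted.
$logFile  = 'C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log'
$group    = 'WSUS Administrators'   # group named in the expert's comment
$maxBytes = 20MB                    # size limit given in the expert's comment

foreach ($path in @((Split-Path $logFile -Parent), $logFile)) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found: $path"
        continue
    }

    $acl = Get-Acl -LiteralPath $path
    "== $path"
    "   Owner:               $($acl.Owner)"
    "   Inheritance blocked: $($acl.AreAccessRulesProtected)"

    # List every ACE so explicit Deny entries and non-inherited rules stand out.
    $acl.Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
        Format-Table -AutoSize | Out-String

    # Flag the case where the group has no Allow entry at all.
    $allow = $acl.Access | Where-Object {
        $_.IdentityReference.Value -like "*\$group" -and
        $_.AccessControlType -eq 'Allow'
    }
    if (-not $allow) {
        Write-Warning "No Allow entry for '$group' on $path"
    }
}

# Size check against the 20 MB figure from the comment.
if (Test-Path -LiteralPath $logFile) {
    $size = (Get-Item -LiteralPath $logFile).Length
    "Log size: {0:N1} MB" -f ($size / 1MB)
    if ($size -gt $maxBytes) {
        Write-Warning "Log file is larger than 20 MB."
    }
}
```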

    Expert Comment

    Ahh, then that's probably the problem; for most of the updates (all?) a user must be logged in.

    Author Comment

    I do not want the computers to be left logged on all night.  Is there a way to have the computers updated while logged off?  Or, is there a more secure way to send down the updates without having the users' PCs slowed down during the updates?

    Accepted Solution

    Unfortunately they must be logged in to get most of the updates; that's why I have mine set for users to install them when they go home on Thursday, selecting (by default) the 'Install Updates and Shut Down' option.  This has proven to be the least intrusive for me.

    Author Comment

    Some updates will change system files.  Do the users need specific user rights on their PCs, or is Power User sufficient for the updates to install?

    Author Comment

    Still getting a 503 error though.
