tjmichael
asked on
WSUS is not automatically installing updates. Still asking for manual install.
WSUS server is set up with the following:
All computers are in a group called "WSUS Computers"
"WSUS Computers" is linked to the "mydomain.local" in a GPO named "WSUS Nodes."
In the WSUS Nodes GPO I have the following enabled:
Allow Automatic Updates Immediate Installation: Enabled
Configure Automatic Updates: Enabled
Configure Automatic updating: 4 - Auto Download and schedule the install
Schedule install day: 0 - Every day
Scheduled install time: 21:00
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box: Enabled
Specify intranet Microsoft update service location: Enabled
Set the intranet update service for detecting updates: http://MyServer
Set the intranet statistics server: http://MyServer
When updates get sent from the server, some computers get a little green shield in the system tray that says that this computer has received updates. That is what I am looking for for all of the computers. However, other computers get the yellow shield with the black exclamation point on it that says updates have been downloaded, and ready to install. The users then have to select update. When I look at the update settings on an individual computer, it is grayed out and set to update automatically every day at 9:00pm. I do not want them to have to bother with the updates.
One other thing I do not know if it is important. In the event log, there are several entries that look like this:
Source: Windows Server Update services
Category: Update Server services
Event ID: 503
The Windows Server Update Services Server experienced an error while attempting to write to the log file.
1768.3886 <===== (This is different on all of the event log entries.)
System.UnauthorizedAccessException: Access to the path "C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log" is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String str)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, Boolean useAsync, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.UpdateServices.Internal.TraceLogger.OpenFile()
   at Microsoft.UpdateServices.Internal.TraceLogger.WriteLine(String message)
For more information, see Help and Support Center at
(Of course when you hit the link it says there is no more information on this error.)
How do I get all of the computers to automatically install all of the updates I tell it to without the need for user’s intervention? Could the SUS be having difficulty accessing the log file so it doesn't complete the install? If so, where do I give SUS permission to access the "Update Services" directory? Or is this a totally unrelated issue?
ASKER
It looks the same as mine except for the "No auto-restart for scheduled..."
Yes all of the users are asked to not shut down at night when they leave. They are to restart their computers and turn off the monitor. (I also run the anti-virus scan at night as well but at a different time).
The 503 error is probably separate, here is what you can do to fix it:
1. Check ownership and permissions on the following file/folder -
---- C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log
----Check to see if WSUS administrators have access to folder/file
----Take ownership then set the folder to inherit permissions.
2. Check the size of the SoftwareDistribution log file, it should be 20 MB or less. If it's bigger, delete it and restart the WSUS services.
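The checks in the answer above can be gathered in one read-only pass before anything is changed. This is an added example, not code from the thread; it assumes PowerShell 3.0 or later in an elevated session on the WSUS server, and the function name `Get-WsusLogHealth` is hypothetical.

```powershell
# Added example: read-only health check for the WSUS trace log named in event 503.
# Nothing is modified; the output tells you whether the ownership, inheritance
# and size conditions described in the answer hold.
$LogPath = 'C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log'  # path from the thread

function Get-WsusLogHealth {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [long]$MaxBytes = 20MB   # size limit quoted in the thread
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Log file not found: $Path"
        return
    }
    $file      = Get-Item -LiteralPath $Path
    $fileAcl   = Get-Acl  -LiteralPath $Path
    $folderAcl = Get-Acl  -LiteralPath $file.DirectoryName

    # An Allow entry for the local "WSUS Administrators" group, if one exists.
    $wsusAdminAce = $fileAcl.Access | Where-Object {
        $_.IdentityReference.Value -like '*\WSUS Administrators' -and
        $_.AccessControlType -eq 'Allow'
    }

    [pscustomobject]@{
        SizeMB              = [math]::Round($file.Length / 1MB, 1)
        OverSizeLimit       = $file.Length -gt $MaxBytes
        FileOwner           = $fileAcl.Owner
        FolderOwner         = $folderAcl.Owner
        # AreAccessRulesProtected = $true means inheritance is blocked.
        FileInheritsAcl     = -not $fileAcl.AreAccessRulesProtected
        FolderInheritsAcl   = -not $folderAcl.AreAccessRulesProtected
        WsusAdminsHaveEntry = [bool]$wsusAdminAce
        Access              = $fileAcl.Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
    }
}

$health = Get-WsusLogHealth -Path $LogPath
if ($health) {
    $health | Select-Object * -ExcludeProperty Access | Format-List
    $health.Access | Format-Table -AutoSize
}
```

A `False` in `FileInheritsAcl`, or an access list with no entry for the account the WSUS services run under, matches the "access denied" in the event text.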
Ahh, then that's probably the problem, for most of the updates (all?) a user must be logged in.
ASKER
I do not want the computers to be left logged on all night. Is there a way to have the computers updated while logged off? Or, is there a more secure way to send down the updates without having the users' PCs slowed down during the updates?
ASKER
Some updates will change system files. Do the users need specific user rights on their PCs? Or is power user sufficient for the updates to install?
ASKER
Still getting a 503 error though.
Policy: Setting
Allow Automatic Updates immediate installation: Enabled
Configure Automatic Updates: Enabled
    Configure automatic updating: 4 - Auto download and schedule the install
    The following settings are only required and applicable if 4 is selected.
    Scheduled install day: 5 - Every Thursday
    Scheduled install time: 16:00
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box: Disabled
No auto-restart for scheduled Automatic Updates installations: Enabled
Specify intranet Microsoft update service location: Enabled
    Set the intranet update service for detecting updates: http://server:8530
    Set the intranet statistics server: http://server:8530
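When some clients install silently and others still prompt, a first check is whether the GPO values actually reached the prompting machines. The following is an added example, not part of the thread: it compares a client's Windows Update policy registry values with the policy listing above. The function name `Test-WsusClientPolicy` is hypothetical, the expected values are copied from that listing, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: compare the Windows Update policy values on this client with
# the settings in the policy listing above. Read-only; run it on a client.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Registry value names are the ones the Windows Update administrative template
# writes; expected data comes from the listing in this thread.
$expected = @(
    @{ Path = $wu; Name = 'WUServer';                      Value = 'http://server:8530' }
    @{ Path = $wu; Name = 'WUStatusServer';                Value = 'http://server:8530' }
    @{ Path = $au; Name = 'UseWUServer';                   Value = 1 }   # intranet location enabled
    @{ Path = $au; Name = 'NoAutoUpdate';                  Value = 0 }   # Configure Automatic Updates: Enabled
    @{ Path = $au; Name = 'AUOptions';                     Value = 4 }   # auto download and schedule install
    @{ Path = $au; Name = 'ScheduledInstallDay';           Value = 5 }   # 5 - Every Thursday
    @{ Path = $au; Name = 'ScheduledInstallTime';          Value = 16 }  # 16:00
    @{ Path = $au; Name = 'AutoInstallMinorUpdates';       Value = 1 }   # immediate installation
    @{ Path = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Value = 1 }   # no auto-restart
)

function Test-WsusClientPolicy {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Expected)
    foreach ($e in $Expected) {
        # A missing key or value yields $null, reported as "<not set>".
        $props  = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($props) { $props.($e.Name) } else { $null }
        $shown  = if ($null -eq $actual) { '<not set>' } else { $actual }
        [pscustomobject]@{
            Setting  = $e.Name
            Expected = $e.Value
            Actual   = $shown
            Match    = ($null -ne $actual) -and ($actual -eq $e.Value)
        }
    }
}

$report = Test-WsusClientPolicy -Expected $expected
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Match }) {
    Write-Warning 'Policy values differ from the GPO; check GPO scope and run gpupdate /force.'
}
```

Running it on one green-shield and one yellow-shield machine and comparing the two reports shows whether the difference is in applied policy or elsewhere.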