• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 451
  • Last Modified:

WSUS is not automatically installing updates. Still asking for manual install.

WSUS server is set up with the following:
    All computers are in a group called "WSUS Computers"
    "WSUS Computers" is linked to the "mydomain.local" in a GPO named "WSUS Nodes."
    In the WSUS Nodes GPO I have the following enabled:
        Allow Automatic Updates Immediate Installation          Enabled
        Configure Automatic Updates                                     Enabled
               Configure Automatic updating                                    4 - Auto Download and schedule the install
               Schedule install day:                                                 0 - Every day
               Scheduled install time:                                              21:00
        Do not adjust default option to 'Install Updates and      Enabled
             Shut Down' in Shut Down Windows dialog box
        Specify intranet Microsoft updated service Location      Enabled
             Set the intranet update service for detecting           http://MyServer
                  updates:
             Set the intranet statistics server:                           http://MyServer

When updates get sent from the server, some computers get a little green shield in the system tray that says that this computer has received updates.  That is what I am looking for for all of the computers.  However, other computers get the yellow shield with the black exclamation point on it that says updates have been downloaded, and ready to install.  The users then have to select update.   When I look at the update settings on an individual computer, it is grayed out and set to update automatically everyday at 9:00pm.  I do not want them to have to bother with the updates.

One other thing I do not know if it is important.  In the event log, there are several entries that look like this:

Source: Windows Server Update services
Catagory: Update Server services
Event ID: 503
The Windows Server Update Services Server experienced an error while attempting to write to the log file.
1768.3886  <===== (This is different on all of the event log entries.)
System.UnauthorizedAccessException: Access to the path "C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log" is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String str)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, Boolean useAsync, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.UpdateServices.Internal.TraceLogger.OpenFile()
   at Microsoft.UpdateServices.Internal.TraceLogger.WriteLine(String message)

For more information, see Help and Support Center at
(Of course when you hit the link it says there is no more information on this error.)

How do I get all of the computers to automatically install all of the updates I tell it to without the need for user’s intervention? Could the SUS be having difficulty accessing the log file so it doesn't complete the install?  If so, where do I give SUS permission to access the "Update Services" directory?  Or is this a totally unrelated issue?
   
0
tjmichael
Asked:
tjmichael
  • 4
  • 4
1 Solution
 
MazaraatCommented:
Are your computers logged in and turned on at 9pm?  Most of The updates won't install unless they are logged in...so I would change the time to either just after they get in or just before they leave.  Here is a copy of my policy, it installs the updates when as they log off on thursday evening:

Policy Setting
Allow Automatic Updates immediate installation Enabled
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day:  5 - Every Thursday
Scheduled install time: 16:00
 
Policy Setting
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Disabled
No auto-restart for scheduled Automatic Updates installations Enabled
Specify intranet Microsoft update service location Enabled
Set the intranet update service for detecting updates: http://server:8530 
Set the intranet statistics server: http://server:8530 
 
0
 
tjmichaelAuthor Commented:
It looks the same as mine except for the "No auto-restart for scheduled..."

Yes all of the users are asked to not shut down at night when they leave.  They are to restart their computers and turn off the monitor.  (I also run the anti-virus scan at night as well but at a different time).
0
 
MazaraatCommented:
The 503 error is probably seperate, here is what you can do to fix it:

1.  Check ownership and permissions on the following file/folder -
---- C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log
----Check to see if WSUS administrators have access to folder/file
----Take ownership then set the folder to inherit permissions.

2.  check the size of  the softwaredistrobution log file, it should be 20mb or less.  If its bigger delete and restart the wsus services
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
MazaraatCommented:
Ahh, then thats probably the problem, for most of the updates (all?) a user must be logged in.  
0
 
tjmichaelAuthor Commented:
I do not want the computers to be left logged on all night.  Is there a way to have the computers updated while logged off?  Or, is there a more secure way to send down the updates without having the users PC's slowed down during the updates?
0
 
MazaraatCommented:
Unfortunately they must be logged in to get most of the updates, thats why I have mine set for users to install them when they go home on thursday selecting (by default) the 'Install Updates and Shut Down' option.  This has proven to be the least intrusive for me.
0
 
tjmichaelAuthor Commented:
Some updates will change system files.  Do the users need specific user rights on thier PC's? or is power user sufficiant for the updates to install?  
0
 
tjmichaelAuthor Commented:
Still getting a 503 error though.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now