WSUS is not automatically installing updates. Still asking for manual install.

WSUS server is set up with the following:
    All computers are in a group called "WSUS Computers"
    "WSUS Computers" is linked to the "mydomain.local" in a GPO named "WSUS Nodes."
    In the WSUS Nodes GPO I have the following enabled:
        Allow Automatic Updates Immediate Installation          Enabled
        Configure Automatic Updates                                     Enabled
               Configure Automatic updating                                    4 - Auto Download and schedule the install
               Schedule install day:                                                 0 - Every day
               Scheduled install time:                                              21:00
        Do not adjust default option to 'Install Updates and      Enabled
             Shut Down' in Shut Down Windows dialog box
        Specify intranet Microsoft updated service Location      Enabled
             Set the intranet update service for detecting           http://MyServer
                  updates:
             Set the intranet statistics server:                           http://MyServer

When updates get sent from the server, some computers get a little green shield in the system tray that says that this computer has received updates.  That is what I am looking for for all of the computers.  However, other computers get the yellow shield with the black exclamation point on it that says updates have been downloaded, and ready to install.  The users then have to select update.   When I look at the update settings on an individual computer, it is grayed out and set to update automatically everyday at 9:00pm.  I do not want them to have to bother with the updates.

One other thing I do not know if it is important.  In the event log, there are several entries that look like this:

Source: Windows Server Update services
Catagory: Update Server services
Event ID: 503
The Windows Server Update Services Server experienced an error while attempting to write to the log file.
1768.3886  <===== (This is different on all of the event log entries.)
System.UnauthorizedAccessException: Access to the path "C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log" is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String str)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, Boolean useAsync, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Microsoft.UpdateServices.Internal.TraceLogger.OpenFile()
   at Microsoft.UpdateServices.Internal.TraceLogger.WriteLine(String message)

For more information, see Help and Support Center at
(Of course when you hit the link it says there is no more information on this error.)

How do I get all of the computers to automatically install all of the updates I tell it to without the need for user’s intervention? Could the SUS be having difficulty accessing the log file so it doesn't complete the install?  If so, where do I give SUS permission to access the "Update Services" directory?  Or is this a totally unrelated issue?
   
tjmichaelAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MazaraatCommented:
Are your computers logged in and turned on at 9pm?  Most of The updates won't install unless they are logged in...so I would change the time to either just after they get in or just before they leave.  Here is a copy of my policy, it installs the updates when as they log off on thursday evening:

Policy Setting
Allow Automatic Updates immediate installation Enabled
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day:  5 - Every Thursday
Scheduled install time: 16:00
 
Policy Setting
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Disabled
No auto-restart for scheduled Automatic Updates installations Enabled
Specify intranet Microsoft update service location Enabled
Set the intranet update service for detecting updates: http://server:8530 
Set the intranet statistics server: http://server:8530 
 
0
tjmichaelAuthor Commented:
It looks the same as mine except for the "No auto-restart for scheduled..."

Yes all of the users are asked to not shut down at night when they leave.  They are to restart their computers and turn off the monitor.  (I also run the anti-virus scan at night as well but at a different time).
0
MazaraatCommented:
The 503 error is probably seperate, here is what you can do to fix it:

1.  Check ownership and permissions on the following file/folder -
---- C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log
----Check to see if WSUS administrators have access to folder/file
----Take ownership then set the folder to inherit permissions.

2.  check the size of  the softwaredistrobution log file, it should be 20mb or less.  If its bigger delete and restart the wsus services
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

MazaraatCommented:
Ahh, then thats probably the problem, for most of the updates (all?) a user must be logged in.  
0
tjmichaelAuthor Commented:
I do not want the computers to be left logged on all night.  Is there a way to have the computers updated while logged off?  Or, is there a more secure way to send down the updates without having the users PC's slowed down during the updates?
0
MazaraatCommented:
Unfortunately they must be logged in to get most of the updates, thats why I have mine set for users to install them when they go home on thursday selecting (by default) the 'Install Updates and Shut Down' option.  This has proven to be the least intrusive for me.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tjmichaelAuthor Commented:
Some updates will change system files.  Do the users need specific user rights on thier PC's? or is power user sufficiant for the updates to install?  
0
tjmichaelAuthor Commented:
Still getting a 503 error though.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.