We help IT Professionals succeed at work.

Windows Server Update Services 3.0 - Clients not Installing Updates

leatherleaf
leatherleaf asked
on
345 Views
Last Modified: 2010-04-18
We are running Windows Server Update Services 3.0. All of our machines are reporting status to the update server and all updates have been approved for install, but the updates are not being installed. The machines are set to automatically download and install the updates every day (this is set in group policy). The management shows that the machines need the updates, but the windowsupdate.log and event logs on the clients don't show that the updates have been downloaded or installed. There are no failures, just nothing happening.
Comment
Watch Question

Are you sure that the clients have the FULL GP?  

1) Check the RSOP on a client and make sure it contains the AUTOMATICALLY INSTALL at X Time without being logged on as Administrator
2) Do gpupdate /force from a client

Author

Commented:
What do you mean by check the RSOP? Is this a registry setting?
Resultant Set of Policy.  It's an option under your GP console.

Author

Commented:
We don;t use the GP Console. GP is managed through Active Directory. Is there another way to check?

Author

Commented:
I installed the GP Console on a client. How do I check the RSoP?

Author

Commented:
I figured out how to run the RSop report. I see the policy, "Configure Automatic Updates", and this has option 4 - Auto download and schedule the install selected. I don't see "AUTOMATICALLY INSTALL at X Time without being logged on as Administrator" as you specified above. Should this be an option?
No, that's correct.  Unless I'm remembering incorrectly, there's another setting in GP on the server that doesn't require you to be logged on as an administrator to install.  I'm assuming here that your users don't have administrative rights; if they do, then don't worry about that.  

I unfortunately am not in a position to check the actual settings ATM.  Once I get done with my current task I will try to find it for you.

I am misremembering in error -- just checked.  No such setting -- was thinking of non-administrators receiving update notifications.  Shot in the dark, did you schedule a date as well (e.g. Every Day (0) )?

Author

Commented:
Thanks. We upgraded from 2.0 to 3.0. Version 2 was working fine, but since 3.0, no updates have been installed. All clients are checking in, but not updating,

Author

Commented:
the setting is to install every day
leatherleaf, what objects have been granted the "View Group Policy Object" right? All Computers?  I've seen this happen before when everything was Kosher except no one had the ability to READ the GPO.

Author

Commented:
Where do I find this setting?

Author

Commented:
I don't know if it's a problem with reading the GPO, other policies have been applied to the computers. Also, when we had v2.0 the updates were working fine.
It is the security settings for the Policy that you're interested in.  From the AD Users & Computers interface (which you were using before the MMC) Right-Click the object where the GPO resides.  Select Properties, Group Policy, Properties, and then choose the Security Tab.

From here, the affected Computer(s), OU(s) need to have Allow-Read & Allow-Apply Group Policy.

Hope this helps.

Author

Commented:
OK - Authenticated Users has Read and Apply. Do we need to add Domain Computers?
Well, since the GPO (WSUS) is specific to the machine, not users, remove the authenticated users and add the Domain PC GROUPS (include PCs, DCs, etc.)
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Is it working LeatherLeaf?

Author

Commented:
We never really go this working; the customer hates WSUS and decided to dump it. I awarded the points because of the help with troubleshooting.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.