Windows Server Update Services 3.0 - Clients not Installing Updates
We are running Windows Server Update Services 3.0. All of our machines are reporting status to the update server and all updates have been approved for install, but the updates are not being installed. The machines are set to automatically download and install the updates every day (this is set in group policy). The management shows that the machines need the updates, but the windowsupdate.log and event logs on the clients don't show that the updates have been downloaded or installed. There are no failures, just nothing happening.
ASKER
What do you mean by check the RSOP? Is this a registry setting?
Resultant Set of Policy. It's an option under your GP console.
ASKER
We don;t use the GP Console. GP is managed through Active Directory. Is there another way to check?
ASKER
I installed the GP Console on a client. How do I check the RSoP?
ASKER
I figured out how to run the RSop report. I see the policy, "Configure Automatic Updates", and this has option 4 - Auto download and schedule the install selected. I don't see "AUTOMATICALLY INSTALL at X Time without being logged on as Administrator" as you specified above. Should this be an option?
No, that's correct. Unless I'm remembering incorrectly, there's another setting in GP on the server that doesn't require you to be logged on as an administrator to install. I'm assuming here that your users don't have administrative rights; if they do, then don't worry about that.
I unfortunately am not in a position to check the actual settings ATM. Once I get done with my current task I will try to find it for you.
I unfortunately am not in a position to check the actual settings ATM. Once I get done with my current task I will try to find it for you.
I am misremembering in error -- just checked. No such setting -- was thinking of non-administrators receiving update notifications. Shot in the dark, did you schedule a date as well (e.g. Every Day (0) )?
ASKER
Thanks. We upgraded from 2.0 to 3.0. Version 2 was working fine, but since 3.0, no updates have been installed. All clients are checking in, but not updating,
ASKER
the setting is to install every day
leatherleaf, what objects have been granted the "View Group Policy Object" right? All Computers? I've seen this happen before when everything was Kosher except no one had the ability to READ the GPO.
ASKER
Where do I find this setting?
ASKER
I don't know if it's a problem with reading the GPO, other policies have been applied to the computers. Also, when we had v2.0 the updates were working fine.
It is the security settings for the Policy that you're interested in. From the AD Users & Computers interface (which you were using before the MMC) Right-Click the object where the GPO resides. Select Properties, Group Policy, Properties, and then choose the Security Tab.
From here, the affected Computer(s), OU(s) need to have Allow-Read & Allow-Apply Group Policy.
Hope this helps.
From here, the affected Computer(s), OU(s) need to have Allow-Read & Allow-Apply Group Policy.
Hope this helps.
ASKER
OK - Authenticated Users has Read and Apply. Do we need to add Domain Computers?
Well, since the GPO (WSUS) is specific to the machine, not users, remove the authenticated users and add the Domain PC GROUPS (include PCs, DCs, etc.)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is it working LeatherLeaf?
ASKER
We never really go this working; the customer hates WSUS and decided to dump it. I awarded the points because of the help with troubleshooting.
1) Check the RSOP on a client and make sure it contains the AUTOMATICALLY INSTALL at X Time without being logged on as Administrator
2) Do gpupdate /force from a client