Windows update services help needed

Posted on 2008-10-07
Medium Priority
Last Modified: 2012-05-05
Hi I have installed windows update serices and configured group policy in the following way:

comp config > windows update >
config auto updates enables.
specify intranet update service location > http://computername
Enable client side targeting > computergroup1
auto update frequency

in wsus I have added a group called computergroup1,
what else do I need to do because my computer is not showing in wsus
Question by:Dan560
  • 5
  • 4
LVL 17

Expert Comment

ID: 22657658
Make sure you have configured all the required settings - there is another setting in Group policy, its above the specify intranet update location setting, its to actually specify update settings and if you look at the policy you will see it.

Also ensure that the website you use is not using an ssl certificate or if it is that it is correctly referenced - I recommend using http to get things working then consider https.

If you use HTTPS, the certificate for the site (i think) is a locally generated one and therefore not trusted by the pc's on the network, that means the connection will probably not be established properly.

The computers should appears in the WSUS console now and any other pc's you put in that OU will have the same settings applied.

Let me know if there's anything else you would like to know

Author Comment

ID: 22657715
for the intranet update location setting i have just used http://mycomputername this doesnt look correct,
as in IIS it ses the wsus admin site is listening on 8530
LVL 39

Expert Comment

ID: 22658110
http://servername:8530  (points your clients to go to port 8530)
http://servername  (points your clients to use port 80)
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Author Comment

ID: 22658157
when I navigate through the web browser on that address I get
Some content or files on this webpage require a program that you don't have installed.  
LVL 39

Expert Comment

ID: 22658269
OK Dan:

It looks like you need to change your GPO to http://servername:8530 and then go to the command prompt and type GPupdate /force.

Let me explain WSUS install a little bit.

If the WSUS is installed on a server that already has an existing web page on the default HTTP port of 80, WSUS will make provisions by using an alternative port (port 8530).
In this case, your GPO should look like this:

If this server doesn't have another web site on it, WSUS will use the default HTTP Port of 80. In this case your GPO should look like this:
HTTP://servername  Or HTTP://servername:80
LVL 39

Expert Comment

ID: 22658281
Once the GPO is fixed we can determine if you are missing anything by interfacing the clients with the server. There is a utility called WSUSclientdiag that we can use to diagnose the problems.

Author Comment

ID: 22658357
I did that already, hhhmmm maybe I have setup the gpo wrong
I havent edited the Default domain policy
I have just created an OU called accounts and linked a GPO to that OU. This does not sound correct for some reason,do I have to edit a policy that links to the Default Domain?

Author Comment

ID: 22660043
more info
ran a test

WSUS Client Diagnostics Tool
Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.2.6001.784. . . . . . . . . . . . PASS
                This version is WSUS 2.0
Checking AU Settings
        AU Option is 2 : Notify Prior to Download . . . . . . . PASS
                Option is from Control Panel
Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use
Checking Connection to WSUS/SUS Server
WUStatusServer is not set through Policy
WUServer is not set through Policy
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL
Press Enter to Complete
event logs show:

Self-update is not working. ID 13042 CAT=CLIENTS

No client computers have ever contacted the server.

The permissions on directory D:\WSUS are incorrect.
I have checked permissions but they look all correct :S

Author Comment

ID: 22660051
found another!

Content file download failed. Reason: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Source File: /msdownload/update/v3-19990518/cabpool/windowsxp-kb842773-v2-x86-enu_1d3d2bc417bf9d881206ed238ad6a4a9c189cfb3.exe Destination File: d:\WSUS\WsusContent\B3\1D3D2BC417BF9D881206ED238AD6A4A9C189CFB3.exe.
LVL 39

Accepted Solution

ChiefIT earned 2000 total points
ID: 22667051
"'I have just created an OU called accounts and linked a GPO to that OU. This does not sound correct for some reason,do I have to edit a policy that links to the Default Domain?""

This is correct. It is recommended by WSUS to not create a default domain policy for these GPOs. So, creating an OU and linking to the OU is the correct action.

It appears like you may have a permissions problem:
This link will help you verify your settings on the WSUS server. Make sure you follow up with the NTFS permissions, as well:


Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
The video will let you know the exact process to import OST/PST files to the cloud based Office 365 mailboxes. Using Kernel Import PST to Office 365 tool, one can quickly import numerous OST/PST files to Office 365. Besides this, the tool also comes…
Through the video, you can check the migration process of Outlook PST file to PDF. Kernel for Outlook to PDF tool can convert Outlook emails with all attributes like Subject, To, From, Cc, Bcc and other folders such as Inbox, Outbox, Sent Items, Jun…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question