Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 600
  • Last Modified:

Windows update services help needed

Hi I have installed windows update serices and configured group policy in the following way:

comp config > windows update >
config auto updates enables.
specify intranet update service location > http://computername
Enable client side targeting > computergroup1
auto update frequency

in wsus I have added a group called computergroup1,
what else do I need to do because my computer is not showing in wsus
thanks
0
Dan560
Asked:
Dan560
  • 5
  • 4
1 Solution
 
SteveIT ManagerCommented:
Make sure you have configured all the required settings - there is another setting in Group policy, its above the specify intranet update location setting, its to actually specify update settings and if you look at the policy you will see it.

Also ensure that the website you use is not using an ssl certificate or if it is that it is correctly referenced - I recommend using http to get things working then consider https.

If you use HTTPS, the certificate for the site (i think) is a locally generated one and therefore not trusted by the pc's on the network, that means the connection will probably not be established properly.

The computers should appears in the WSUS console now and any other pc's you put in that OU will have the same settings applied.

Let me know if there's anything else you would like to know
0
 
Dan560Author Commented:
for the intranet update location setting i have just used http://mycomputername this doesnt look correct,
as in IIS it ses the wsus admin site is listening on 8530
0
 
ChiefITCommented:
http://servername:8530  (points your clients to go to port 8530)
http://servername  (points your clients to use port 80)
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
Dan560Author Commented:
when I navigate through the web browser on that address I get
Some content or files on this webpage require a program that you don't have installed.  
0
 
ChiefITCommented:
OK Dan:

It looks like you need to change your GPO to http://servername:8530 and then go to the command prompt and type GPupdate /force.

Let me explain WSUS install a little bit.

If the WSUS is installed on a server that already has an existing web page on the default HTTP port of 80, WSUS will make provisions by using an alternative port (port 8530).
In this case, your GPO should look like this:
HTTP://servername:8530

If this server doesn't have another web site on it, WSUS will use the default HTTP Port of 80. In this case your GPO should look like this:
HTTP://servername  Or HTTP://servername:80
0
 
ChiefITCommented:
Once the GPO is fixed we can determine if you are missing anything by interfacing the clients with the server. There is a utility called WSUSclientdiag that we can use to diagnose the problems.
0
 
Dan560Author Commented:
I did that already, hhhmmm maybe I have setup the gpo wrong
I havent edited the Default domain policy
I have just created an OU called accounts and linked a GPO to that OU. This does not sound correct for some reason,do I have to edit a policy that links to the Default Domain?
0
 
Dan560Author Commented:
more info
ran a test

WSUS Client Diagnostics Tool
Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.2.6001.784. . . . . . . . . . . . PASS
                This version is WSUS 2.0
Checking AU Settings
        AU Option is 2 : Notify Prior to Download . . . . . . . PASS
                Option is from Control Panel
Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use
Checking Connection to WSUS/SUS Server
WUStatusServer is not set through Policy
WUServer is not set through Policy
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL
Press Enter to Complete
event logs show:

Self-update is not working. ID 13042 CAT=CLIENTS

No client computers have ever contacted the server.

The permissions on directory D:\WSUS are incorrect.
 
I have checked permissions but they look all correct :S
0
 
Dan560Author Commented:
found another!

Content file download failed. Reason: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Source File: /msdownload/update/v3-19990518/cabpool/windowsxp-kb842773-v2-x86-enu_1d3d2bc417bf9d881206ed238ad6a4a9c189cfb3.exe Destination File: d:\WSUS\WsusContent\B3\1D3D2BC417BF9D881206ED238AD6A4A9C189CFB3.exe.
0
 
ChiefITCommented:
"'I have just created an OU called accounts and linked a GPO to that OU. This does not sound correct for some reason,do I have to edit a policy that links to the Default Domain?""

This is correct. It is recommended by WSUS to not create a default domain policy for these GPOs. So, creating an OU and linking to the OU is the correct action.

It appears like you may have a permissions problem:
This link will help you verify your settings on the WSUS server. Make sure you follow up with the NTFS permissions, as well:
http://technet.microsoft.com/en-us/library/cc708545.aspx

0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now