WSUS 3.0 SP1 vs. SCE 2007 SP1 for updating domain computers

To All Windows Experts out there,

is there any other methods to update the whole computer in a domain other than setting up WSUS 3.0 SP1 and then set the GPO to enable Auto-update ?

because I tried using WSUS 3.0 SP1 and already set the Windows Update GPO in my DC, the updates still hasn't pushed propely. Moreover, the status in my WSUS 3.0 SP1 server stopping at 99% and most of them displaying yellow triangle (exclamation) mark and some of them is uncontactable.

how about using System Center Essential 2007 SP1 ? does it act the same as WSUS 3.0 SP1 ?

please shed some light here for this matter.

thanks.
LVL 1
jjozAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jjozAuthor Commented:
i also have Symantec End Point Protection Manager (Antivirus) installed in that server.

from Netsat, i couldn't see port 8530 opened somehow :-|

is there any way to see whichport number that is used by WSUS ?

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2008-11-03 12:38 EST
Interesting ports on SYSMGMTServer:
(The 65514 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
1040/tcp  open  netsaint
1058/tcp  open  nim
1271/tcp  open  unknown
1517/tcp  open  vpac
2382/tcp  open  unknown
2618/tcp  open  unknown
3389/tcp  open  ms-term-serv
3999/tcp  open  remoteanything
5633/tcp  open  unknown
6101/tcp  open  VeritasBackupExec
6106/tcp  open  isdninfo
8080/tcp  open  http-proxy
8443/tcp  open  https-alt
8828/tcp  open  unknown
8888/tcp  open  sun-answerbook
9090/tcp  open  zeus-admin
10000/tcp open  snet-sensor-mgmt
MAC Address: 00:1E:C9:BA:E8:1A (Unknown)

Open in new window

0
overcld9Commented:
I do not know if System Center is a better or worse solution, but I can tell you that WSUS uses port 8530 by default. Normally if you have an update set to download but not install, you will see a status of 99%, I had this same issue with ie7 because it reported as "Not Needed" and I could not force the machines to update to ie7 via wsus. We finally had to force deployment using this article as a guide :
http://www.microsoft.com/downloads/details.aspx?FamilyID=e41d8800-d134-4356-a2e7-c01bee790908

For the yellow triangles you'll need to identify which updates are "Needed" that you've not yet approved for installation. Best way to do that is to go to the "All Updates" node, and filter on "Unapproved" and "Needed", get the list of unapproved but needed updates, select ALL, and approve for ALL COMPUTERS.

If you've got some computers that you do *not* want to install any updates on, make sure you set their particular groups to "Not Approved (not inherited)" before approving the update for "All Computers"

As for Endpoint we find that it works best and causes us fewer headaches if we deploy it as Anti-Virus only on the servers.
Hope this is helpful,
-Sean
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jjozAuthor Commented:
Thanks for answering all of my questions.
0
jjozAuthor Commented:
Overcld9,
 
does that means i need to point to http://WSUSServer:8530 in the GPO ?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.