Solved

WSUS 3.0 SP1 vs. SCE 2007 SP1 for updating domain computers

Posted on 2008-11-02
4
887 Views
Last Modified: 2010-04-21
To All Windows Experts out there,

is there any other methods to update the whole computer in a domain other than setting up WSUS 3.0 SP1 and then set the GPO to enable Auto-update ?

because I tried using WSUS 3.0 SP1 and already set the Windows Update GPO in my DC, the updates still hasn't pushed propely. Moreover, the status in my WSUS 3.0 SP1 server stopping at 99% and most of them displaying yellow triangle (exclamation) mark and some of them is uncontactable.

how about using System Center Essential 2007 SP1 ? does it act the same as WSUS 3.0 SP1 ?

please shed some light here for this matter.

thanks.
0
Comment
Question by:jjoz
  • 3
4 Comments
 
LVL 1

Author Comment

by:jjoz
ID: 22864888
i also have Symantec End Point Protection Manager (Antivirus) installed in that server.

from Netsat, i couldn't see port 8530 opened somehow :-|

is there any way to see whichport number that is used by WSUS ?

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2008-11-03 12:38 EST

Interesting ports on SYSMGMTServer:

(The 65514 ports scanned but not shown below are in state: closed)

PORT      STATE SERVICE

80/tcp    open  http

135/tcp   open  msrpc

139/tcp   open  netbios-ssn

445/tcp   open  microsoft-ds

1040/tcp  open  netsaint

1058/tcp  open  nim

1271/tcp  open  unknown

1517/tcp  open  vpac

2382/tcp  open  unknown

2618/tcp  open  unknown

3389/tcp  open  ms-term-serv

3999/tcp  open  remoteanything

5633/tcp  open  unknown

6101/tcp  open  VeritasBackupExec

6106/tcp  open  isdninfo

8080/tcp  open  http-proxy

8443/tcp  open  https-alt

8828/tcp  open  unknown

8888/tcp  open  sun-answerbook

9090/tcp  open  zeus-admin

10000/tcp open  snet-sensor-mgmt

MAC Address: 00:1E:C9:BA:E8:1A (Unknown)

Open in new window

0
 
LVL 3

Accepted Solution

by:
overcld9 earned 500 total points
ID: 22902229
I do not know if System Center is a better or worse solution, but I can tell you that WSUS uses port 8530 by default. Normally if you have an update set to download but not install, you will see a status of 99%, I had this same issue with ie7 because it reported as "Not Needed" and I could not force the machines to update to ie7 via wsus. We finally had to force deployment using this article as a guide :
http://www.microsoft.com/downloads/details.aspx?FamilyID=e41d8800-d134-4356-a2e7-c01bee790908

For the yellow triangles you'll need to identify which updates are "Needed" that you've not yet approved for installation. Best way to do that is to go to the "All Updates" node, and filter on "Unapproved" and "Needed", get the list of unapproved but needed updates, select ALL, and approve for ALL COMPUTERS.

If you've got some computers that you do *not* want to install any updates on, make sure you set their particular groups to "Not Approved (not inherited)" before approving the update for "All Computers"

As for Endpoint we find that it works best and causes us fewer headaches if we deploy it as Anti-Virus only on the servers.
Hope this is helpful,
-Sean
0
 
LVL 1

Author Closing Comment

by:jjoz
ID: 31512470
Thanks for answering all of my questions.
0
 
LVL 1

Author Comment

by:jjoz
ID: 22939072
Overcld9,
 
does that means i need to point to http://WSUSServer:8530 in the GPO ?
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now