?
Solved

how to install wsus update on windows server 2003

Posted on 2009-03-31
7
Medium Priority
?
1,252 Views
Last Modified: 2012-05-06
how to install wsus update on windows server 2003
0
Comment
Question by:ashjuv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24031471
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 1000 total points
ID: 24031952
Hello ashjuv,

WSUS Installing and configuring Windows Software Update Services.


Pre Flight Checks

1.      Download the WSUS 3.0 SP1  executable from from http://www.microsoft.com/downloads/details.aspx?FamilyId=F87B4C5E-4161-48AF-9FF8-A96993C688DF&displaylang=en#filelist
2.      You  will need 30-30Gb Free Drive space for your updates.
3.      Also Ensure IIS in installed and running ? put on the latest patches and updates before you start.
4.      Install this beforehand. Microsoft Report Viewer Redistributable 2005 http://www.microsoft.com/downloads/details.aspx?familyid=8a166cac-758d-45c8-b637-dd7726e61367&displaylang=en

Install WSUS

1.      Run the WSUS exe.
2.      Next.
3.      Select "Full Server installation including Administration Console".
4.      Next
5.      Accept the EULA > Next.
6.      Ensure "Store updates locally" is ticked and select a location to hold the updates (need 20-30Gb Free)
7.      Select "Install Windows Internal Database on this computer" Unless you want to use an existing SQL server > Next
8.      Select "Create a Windows Server Update Services 3.0 SP1 Web site? > Next.

Note: the URL i.e http://server-name:8530

9.      Review the information > Next.
10.      WSUS Will install.
11.      When done - click finish.

After a few seconds the configuration wizard will start. (Note you can run this at any time from the WSUS snap in > Options > WSUS Server Configuration Wizard.)

1.      Next.
2.      If you want to help leave the box ticked > Next.
3.      Unless you have a WSUS server ?In front? of this one leave ?Synchronise with Microsoft Update? Ticked > Next
4.      Enter Proxy details if appropriate*  > Next
5.      Click Start connecting.
6.      You should connect to the Microsoft update site. (This downloads an XML file that contains a full list of updates). > Next
7.      Select the language (you want the updates in!) remember the eventual downloaded updates folder size will be multiplied by the amount of languages you select. > Next.
8.      Select the products you want to update, again the more products the bigger the folder > Next.
9.      Select WHAT you want to download > Next.
10.      Select the frequency that WSUS will sync with Microsoft by selecting Synchronize automatically, set it ?Out of Hours? >Next.
11.      Tick ?Begin Initial synchronisation? > Next
12.      Click Finish.

Note the initial Synchronisation can take a very long time. Keep selecting ?Updates? and you will see the numbers going up.
*NB if you?re using ISA as a proxy you might need to change the port number to 8080 or it may fail (took me 15 minutes to work that out)
You now need to get your clients pointed to the WSUS Server ? to do this use either local policy on each machine ? Or Group policy on the domain.
OK now you need it to start seeing the clients before you do anything else...........


Point the clients to the WSUS Server

1.      If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}
2.      If you are doing this on a Local PC skip to number 3, On a domain controller: Note this policy can be applied to an OU (Like the Computers OU for example)or the at domain level, for the purpose of this exercise we will apply it at domain level. Open administrative tools > Active directory users and computers, right click the domain, and select Properties > Group Policy > You will see one of two things, either one button to open the group policy management console, or one or more policies, and lots of buttons,
i.      One Button: Press the ?Open? button to launch the Group policy Management Console > Right Click the Domain Name > Create and Link a GPO Here > Call it WSUS > OK > Right click the WSUS GPO > Edit.
i.      Lots of Burtons > Click New > Call it WSUS > Edit.
3.      Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.
4.      Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn?t no good if all your PC's are shut down at that time (set it to 1400 or something more sensible)
5.      Click "Next Setting" > Enable > in both box's type the URL of your WSUS server (i.e. Http://:8530). Then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen should ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.
6.      Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. That means it will inform the user but not reboot.
7.      Click Apply > OK > Then exit the policy editor.
8.      You can force the policy to take effect, by clicking..
i.      XP, Vista and server 2003: Start > run > gpupdate /force {enter}
ii.      2000: Start > run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE

You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"


Create some groups and move your PC?s into them.

As with previous versions of SUS, WUS, and WSUS, as new PC?s are detected they get put in ?Unassigned computers? I suggest you create some groups ? I?m my case I create a "Live" Group and a "Test" Group that way I can test the updates on a few PC's (The ones in my office) before I fire them at everyone.

To Create a Group

1.      Open the WSUS admin console.
2.      Expand > Update Services >{ server name} > Computers > All computers > Right Click > Add computer group > Give it a name > Add > Repeat as necessary i.e. You might want to create groups for servers, or exchange servers, or web servers, etc.
If you?re running through this your PC?s may not have reported yet so to find them do the following.
1.      Open the WSUS admin console.
2.      Expand > Update Services >{ server name} > Computers > All computers > Unassigned Computers > Change the Status Drop down to ?Any? and click Refresh.
3.      To move them to the group you created simply right click them and select ?Change Membership? > Then select the appropriate group > OK.
 
Send out the updates.

Unless you approve the updates to be sent out, nothing will happen, the WSUS server just logs everything and does some reports, before an update can be sent out to a client you need to approve it.

1.      Open the WSUS admin console.
2.      Expand > Update Services >{ server name} > Updates  > All Updates > Ensure the Approval drop down is set to ?Unapproved? and click refresh.
3.      Select the updates you want to approve (Normal selection rules apply unlike earlier versions you can multiple select using the shift and control keys as required).
4.      Click ?Approve? (it?s on the far right window.
5.      Select the group you want to approve the update for (click the little down arrow).
6.      Select Approved for Install. > OK.
7.      Hopefully after the progress bar has finished it should have a long list of ?Successes? > Click Close.
 

WARNING - I didn?t write the updates, Microsoft did, if you approve something that breaks your clients then moan at them not me.

Force a Client update

On the client run the following batch file

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=cut below-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv

@echo off
Echo This client will now check for updates on the WSUS Server.
Echo Wait at least 30 minutes then check C:\Window\Windows update.log
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=cut above-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



Problems

Troubleshoot from the client using the CLient Diagnostics Tool
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
Other Diagnostic tools
http://technet.microsoft.com/en-us/wsus/bb466192.aspx

Machines are not importing

Make sure the URL thats defined in the group policy is the FQDN of the WSUS Server.
Try removing the port number from the URL specified in Group Policy (sometimes it set up on Port 80 and tells you it hasnt).

Regards,

PeteLong
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 1000 total points
ID: 24035533
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:ashjuv
ID: 24036218
thanks, if these workstaion don't show hundred percent sooner than later then I am going to come abck and ask another question.

thanks for all ur help
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24046561
I appreciate your desire to stick with one question for one answer. Supplying a quick how to guide was your original question, but we all have configured WSUS servers and know there are most likely straglers that don't sign in. In my opinion, o real need to ask another question.

You have a couple of my favorite techs on this question that could quickly respond to helping you with WSUS stragglers. I think one of us could help you resolve any remaining issues pretty quickly.

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 24052510
-Wont be me -  Im useless :)
 
 
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 24066580
ThanQ
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question