Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


how to install wsus update on windows server 2003

Posted on 2009-03-31
Medium Priority
Last Modified: 2012-05-06
how to install wsus update on windows server 2003
Question by:ashjuv
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 47

Expert Comment

by:Donald Stewart
ID: 24031471
LVL 57

Accepted Solution

Pete Long earned 1000 total points
ID: 24031952
Hello ashjuv,

WSUS Installing and configuring Windows Software Update Services.

Pre Flight Checks

1.      Download the WSUS 3.0 SP1  executable from from http://www.microsoft.com/downloads/details.aspx?FamilyId=F87B4C5E-4161-48AF-9FF8-A96993C688DF&displaylang=en#filelist
2.      You  will need 30-30Gb Free Drive space for your updates.
3.      Also Ensure IIS in installed and running ? put on the latest patches and updates before you start.
4.      Install this beforehand. Microsoft Report Viewer Redistributable 2005 http://www.microsoft.com/downloads/details.aspx?familyid=8a166cac-758d-45c8-b637-dd7726e61367&displaylang=en

Install WSUS

1.      Run the WSUS exe.
2.      Next.
3.      Select "Full Server installation including Administration Console".
4.      Next
5.      Accept the EULA > Next.
6.      Ensure "Store updates locally" is ticked and select a location to hold the updates (need 20-30Gb Free)
7.      Select "Install Windows Internal Database on this computer" Unless you want to use an existing SQL server > Next
8.      Select "Create a Windows Server Update Services 3.0 SP1 Web site? > Next.

Note: the URL i.e http://server-name:8530

9.      Review the information > Next.
10.      WSUS Will install.
11.      When done - click finish.

After a few seconds the configuration wizard will start. (Note you can run this at any time from the WSUS snap in > Options > WSUS Server Configuration Wizard.)

1.      Next.
2.      If you want to help leave the box ticked > Next.
3.      Unless you have a WSUS server ?In front? of this one leave ?Synchronise with Microsoft Update? Ticked > Next
4.      Enter Proxy details if appropriate*  > Next
5.      Click Start connecting.
6.      You should connect to the Microsoft update site. (This downloads an XML file that contains a full list of updates). > Next
7.      Select the language (you want the updates in!) remember the eventual downloaded updates folder size will be multiplied by the amount of languages you select. > Next.
8.      Select the products you want to update, again the more products the bigger the folder > Next.
9.      Select WHAT you want to download > Next.
10.      Select the frequency that WSUS will sync with Microsoft by selecting Synchronize automatically, set it ?Out of Hours? >Next.
11.      Tick ?Begin Initial synchronisation? > Next
12.      Click Finish.

Note the initial Synchronisation can take a very long time. Keep selecting ?Updates? and you will see the numbers going up.
*NB if you?re using ISA as a proxy you might need to change the port number to 8080 or it may fail (took me 15 minutes to work that out)
You now need to get your clients pointed to the WSUS Server ? to do this use either local policy on each machine ? Or Group policy on the domain.
OK now you need it to start seeing the clients before you do anything else...........

Point the clients to the WSUS Server

1.      If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}
2.      If you are doing this on a Local PC skip to number 3, On a domain controller: Note this policy can be applied to an OU (Like the Computers OU for example)or the at domain level, for the purpose of this exercise we will apply it at domain level. Open administrative tools > Active directory users and computers, right click the domain, and select Properties > Group Policy > You will see one of two things, either one button to open the group policy management console, or one or more policies, and lots of buttons,
i.      One Button: Press the ?Open? button to launch the Group policy Management Console > Right Click the Domain Name > Create and Link a GPO Here > Call it WSUS > OK > Right click the WSUS GPO > Edit.
i.      Lots of Burtons > Click New > Call it WSUS > Edit.
3.      Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.
4.      Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn?t no good if all your PC's are shut down at that time (set it to 1400 or something more sensible)
5.      Click "Next Setting" > Enable > in both box's type the URL of your WSUS server (i.e. Http://:8530). Then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen should ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.
6.      Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. That means it will inform the user but not reboot.
7.      Click Apply > OK > Then exit the policy editor.
8.      You can force the policy to take effect, by clicking..
i.      XP, Vista and server 2003: Start > run > gpupdate /force {enter}

You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"

Create some groups and move your PC?s into them.

As with previous versions of SUS, WUS, and WSUS, as new PC?s are detected they get put in ?Unassigned computers? I suggest you create some groups ? I?m my case I create a "Live" Group and a "Test" Group that way I can test the updates on a few PC's (The ones in my office) before I fire them at everyone.

To Create a Group

1.      Open the WSUS admin console.
2.      Expand > Update Services >{ server name} > Computers > All computers > Right Click > Add computer group > Give it a name > Add > Repeat as necessary i.e. You might want to create groups for servers, or exchange servers, or web servers, etc.
If you?re running through this your PC?s may not have reported yet so to find them do the following.
1.      Open the WSUS admin console.
2.      Expand > Update Services >{ server name} > Computers > All computers > Unassigned Computers > Change the Status Drop down to ?Any? and click Refresh.
3.      To move them to the group you created simply right click them and select ?Change Membership? > Then select the appropriate group > OK.
Send out the updates.

Unless you approve the updates to be sent out, nothing will happen, the WSUS server just logs everything and does some reports, before an update can be sent out to a client you need to approve it.

1.      Open the WSUS admin console.
2.      Expand > Update Services >{ server name} > Updates  > All Updates > Ensure the Approval drop down is set to ?Unapproved? and click refresh.
3.      Select the updates you want to approve (Normal selection rules apply unlike earlier versions you can multiple select using the shift and control keys as required).
4.      Click ?Approve? (it?s on the far right window.
5.      Select the group you want to approve the update for (click the little down arrow).
6.      Select Approved for Install. > OK.
7.      Hopefully after the progress bar has finished it should have a long list of ?Successes? > Click Close.

WARNING - I didn?t write the updates, Microsoft did, if you approve something that breaks your clients then moan at them not me.

Force a Client update

On the client run the following batch file

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=cut below-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv

@echo off
Echo This client will now check for updates on the WSUS Server.
Echo Wait at least 30 minutes then check C:\Window\Windows update.log
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=cut above-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


Troubleshoot from the client using the CLient Diagnostics Tool
Other Diagnostic tools

Machines are not importing

Make sure the URL thats defined in the group policy is the FQDN of the WSUS Server.
Try removing the port number from the URL specified in Group Policy (sometimes it set up on Port 80 and tells you it hasnt).


LVL 39

Assisted Solution

ChiefIT earned 1000 total points
ID: 24035533
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 24036218
thanks, if these workstaion don't show hundred percent sooner than later then I am going to come abck and ask another question.

thanks for all ur help
LVL 39

Expert Comment

ID: 24046561
I appreciate your desire to stick with one question for one answer. Supplying a quick how to guide was your original question, but we all have configured WSUS servers and know there are most likely straglers that don't sign in. In my opinion, o real need to ask another question.

You have a couple of my favorite techs on this question that could quickly respond to helping you with WSUS stragglers. I think one of us could help you resolve any remaining issues pretty quickly.

LVL 57

Expert Comment

by:Pete Long
ID: 24052510
-Wont be me -  Im useless :)
LVL 57

Expert Comment

by:Pete Long
ID: 24066580

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Learn about cloud computing and its benefits for small business owners.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question