Randy_K
asked on
WSUS 3.1 clients not updating
I have recently setup a new wsus 3.1 server. I created all the GPO's which seems to work fine. I have the server email me the summary every morning. It lists all the computer groups with all the computers. The management console on the WSUS server lists all the groups with the appropriate computers in each group. The server does not install any updates on the clients. It lists all the critical updates approved but when I go to one of the test machines (in the specific grouped named "TEST") no updates have beed installed.
I have noticied the following error in the event log on the WSUS server:
Content file download failed. Reason: The requested URL does not exist on the server.
Source File: /msdownload/update/v3-1999
The Wsus server is a server 2003 SP1 but is not the DC, our DC is also a server 2003 SP1
Any suggestions?.
In the GPO management console I have enabled the following:
Do not adjust default option to "Install updates and shut down"
Configure automatic updates
Specify intranet microsoft update service location
Enable client side targeting
No auto-restart with logged on users for scheduled automatic updates
Automatic update frequency
allow automatic updates immediate installtion
I have noticied the following error in the event log on the WSUS server:
Content file download failed. Reason: The requested URL does not exist on the server.
Source File: /msdownload/update/v3-1999
The Wsus server is a server 2003 SP1 but is not the DC, our DC is also a server 2003 SP1
Any suggestions?.
In the GPO management console I have enabled the following:
Do not adjust default option to "Install updates and shut down"
Configure automatic updates
Specify intranet microsoft update service location
Enable client side targeting
No auto-restart with logged on users for scheduled automatic updates
Automatic update frequency
allow automatic updates immediate installtion
Browse to C:\Program Files\Update Services\Tools\
From there run the command "wsusutil reset".
This should fix it for you
From there run the command "wsusutil reset".
This should fix it for you
ASKER
Thanks, I will give this a shot. Once I run this, will running gpupdate /force cause the client to get the update from the WSUS server immediately?
No, to get the client to check for updates, you need to run wuauclt /detectnow.
ASKER
Arnold:
I have the correct URL, but when I go to the url in by browser I receive the "page under construction".
I have the correct URL, but when I go to the url in by browser I receive the "page under construction".
That is fine. The page you get is the standard IIS page. If you want you can enable directory browsing if it is not and rename the default.asp or index.asp to something else .asp-not at which point going to the URL will give you the directory listing.
Expand the default web site in IIS administrative tool and see whether you have there Selfupdate, Content, Inventory, SimpleAuth, etc. items that make up WSUS.
There should nine entries there that point to where your WSUS is installed and where your content repository is.
/msdownload is not one of those.
Can you double check what your GPO has for the Intranet site and post it. Make sure it is not the entry that has htt://server/msdownload which you may have added because you are storing the files on e:\msdownload.
Expand the default web site in IIS administrative tool and see whether you have there Selfupdate, Content, Inventory, SimpleAuth, etc. items that make up WSUS.
There should nine entries there that point to where your WSUS is installed and where your content repository is.
/msdownload is not one of those.
Can you double check what your GPO has for the Intranet site and post it. Make sure it is not the entry that has htt://server/msdownload which you may have added because you are storing the files on e:\msdownload.
ASKER
Arnold:
I ran the wauclt /detectnow on one test computer. I then looked on the WSUS management console. under the test machine, it shows the "last report status" has changed, but it still does not install any of the updates I approved for install.
I ran the wauclt /detectnow on one test computer. I then looked on the WSUS management console. under the test machine, it shows the "last report status" has changed, but it still does not install any of the updates I approved for install.
What is the schedule on the client? Check the client system's system event log dealing with windows update. It may have scheduled the install based on the time.
I.e. updates downloaded and are scheduled for install on April 8 at 3:00 am.
I.e. updates downloaded and are scheduled for install on April 8 at 3:00 am.
Save the below as fixwsus.cmd and run on client and then check
%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientValidation /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll
if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll
if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll
if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll
if exist %Windir%\system32\wuaueng.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll
if exist %Windir%\system32\wuaueng1.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll
if exist %Windir%\system32\wucltui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll
if exist %Windir%\system32\wups.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll
if exist %Windir%\system32\wups2.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll
if exist %Windir%\system32\wuweb.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll
if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll
if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll
if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll
if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll
if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll
if exist %windir%\system32\msxml.dll %windir%\system32\regsvr32.exe /s msxml.dll
if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll
if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll
if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll
if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll
if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll
if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
del C:\Windows\WindowsUpdate.log /S /Q
rd /s /q %windir%\softwareDistribution
sleep 5
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
wuauclt.exe /resetauthorization
wuauclt.exe /detectnow
wuauclt.exe /reportnow
exit /B 0
ASKER
Ok, I created the script and ran it on one of the test clients. It ran fine, I looked in the event viewer and saw no errors. I then looked at the wsus management console and it still does not list any of the updates ad beinbg installed.......
It takes time for the client to report their status and the WSUS to reflect it.
have you checked the system event log on the client dealing with windows updates?
Where the updates downloaded and scheduled/installed?
have you checked the system event log on the client dealing with windows updates?
Where the updates downloaded and scheduled/installed?
It wont list them as being installed until the client(test) machine first downloads and then installs it.
Did the yellow shield appear in the task bar on the test machine?
Look for errors in the windowsupdate.log on this test machine
Did the yellow shield appear in the task bar on the test machine?
Look for errors in the windowsupdate.log on this test machine
You can also look for "fails" when you run the clientdiag.exe tool
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
ASKER
Ok, I looked again at the event log. The log shows the updates as ready for installation. An administrator must login and windows will prompt them what to do. The current user has full administrative rights on the machine. I also restarted the machine and logged in as the network administrator. I never received any prompts for update installation. I do have the yellow shield for updates. But, I want to have the wsus server install the updates without user intervention.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help from everyone. You were a big help!
http://someserver/ or is it https://someserver or http://someserver:someport
Can you go to the url in a browser http://someserver/SelfUpdate or something like that check the IIS configuration to see where the WSUS related items are.
Note the intranet URL must be pointing to the location below which the WSUS related files are: