WSUS not getting correct updates and Computers not pulling updates from WSUS server

First off, I just have to express how much I dislike WSUS, it is such a frustrating un-intuitive unreliable piece of software I find..

First problem, I find that in my WSUS console certain updates show up, but when I go to the Windows update site individually with each client machine, it shows a lot more needed updates than what is actually in the updates page on the console itself.  I have all the products that I want it to download ticked and I'm selecting the view to show any needed/not applicable updates.  I don't see half of the updates that are on the actual windows update page in the WSUS console.  So I feel as if using WSUS alone is not giving the machines all the updates they need.

2nd problem.  I find every so often, the computers for some reason just do not communicate properly with WSUS.  Here's what I mean.  I have modified group policy to add my WSUS server as the update server for the clients and they still never seem to report to the server until I go to the windows update page at least once and click "install" on that active X thingy or whatever it is that it is prompting you to install before you can see the list of updates.  After I click install then it seems to magically start reporting to the WSUS server..  Why do I have to do this??? I should not have to go to the website to get the WSUS client/server communication to work the way that it is supposed to.  I thought all you had to do was set the group policy make sure the registry key is set and it will just start pulling updates or pushing (however it works).  

Am I doing something wrong?  Or is this how half built this thing is?
dominicbenjaminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
You should first double check your WSUS catalog.  I.e. did you configure the WSUS to retrieve all the updates that you need and not just windows OS?

For your second question that issue might be that your AU/WSUS client side is somehow corrupt and the access to the Windows update sites resets/reregisters the right dlls.

Besides pointing the GPO to the WSUS are you also using Targets to specify to which group the computer belongs??
0
dominicbenjaminAuthor Commented:
Hey Arnold,

Thanks for the response. Here's what I did.  I went to the options portion of the WSUS console, clicked on Products and Classifications and selected all the things I wanted WSUS to download.  

2nd thing.  How do I reregister the right dlls?

3rd thing.  No I never used Targets to specify which group they belong to.  I just manually drag them into different groups in the WSUS console itself.  I never quite understood how to set up the Target groups.
0
arnoldCommented:
The targets are setup within the GPO in the same section where you define the intranet update server URL.
Other than producs and classification, there is the second tab dealing with the types of updates you want, i.e. Roll up, Service Packs, drivers, etc.

In the AD, you would use OUs for the different targets:

Adding a GPO at the top of the domain that will only set the Intranet URL.
Then you would add OUs into which you will put different computer accounts.
You would then add a GPO to the OU that will set the target, update settings (install, download and notify, or notify only) depending on what the computers are.

For workstations or setup where you have an install directive, I recommend you create a sample test OU where you would place a sample of the available systems.  You would then approve new updates for the test OU target group.
If everything goes well with those, you could let the updates apply to the main OU.

The below link deals with GPO management of Automatic update behavior including client-side targetting.
http://technet.microsoft.com/en-us/library/cc720539.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

dominicbenjaminAuthor Commented:
Hey Arnold,

seems like the computers are reporting fine now, but all of them except for the WSUS server itself has "Updates with Errors" as the status.  All of them have a red X next to them.  Some of them say that they have 2 or more failed updates etc.  How do I go about resolving these errors?  Or getting them to install?
0
arnoldCommented:
You have to determine why the updates failed.  If you have a single WSUS, looking at the failed updates on one system, and then clicking the link Failed, you should see an error code for the reason of a failure.
The reason could be that you do not download the express versions of the updates and the systems could not download the update.  If these are Office updates that failed, you may not have the office cache files needed for the system to apply the updates and reconfigure the install.

Which updates failed? All the system could very well point to the same set of failed updates.
0
dominicbenjaminAuthor Commented:
Hi Arnold,

These 3 updates seem to be the main ones that fail on every system:

Security Update for Microsoft .NET Framework, Version 2.0 (KB928365),
Microsoft .NET Framework 3.5 Service Pack 1, .NET Framework 3.5 Family Update (KB951847) x86 and Cumulative Security Update for Internet Explorer 6 for Windows XP (KB953838)..

Then I have two other systems that have regular security updates for Windows XP that are failing:
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)

I just can't figure out why updates like those would fail.
0
arnoldCommented:
The first two updates rely on the underlying application (Outlook express/windows mail) and directshow to be installed.  What is the error code reflected in the Failed to install.
I.e. pick a system with the error.  Click on the updates with errors. Go to the page where the update status is reported.  Click on the link for the status which is Failed.
There you should see an error code and possibly an explanation for the failure.
The other option is to look in the c:\windows\windowsupdate.log on the system to determine why the update is failing.
It is impossible for me without seeing the errors to be able to explain or suggest a course of action to correct the issue.
0
dominicbenjaminAuthor Commented:
I clicked on the failed link and it says for all the errors the following:  Error: Download failed.
0
arnoldCommented:
Are you getting both the express and the regular updates?

Run the following on a system that failed to download wuauclt /detectnow
The issue could be that the files were not present when the systems tried to download the updates.

Check the windowsupdate.log to see why the download failed.  Presumably you do not have space issues on C:\ of the workstation preventing the download of the updates.
0
dominicbenjaminAuthor Commented:
I checked the log file.  It looks like jibberish to me lol.  The only thing that I saw that made some kinda sense was this "DnldMgr      Error 0x80244019 occurred while downloading update; notifying dependent calls."

I am only getting the regular updates on this WSUS server.  I ran the command then checked back my WSUS server.  Nothing seems to look different except for the last status report changed to the current time, but the red X is still there.
0
arnoldCommented:
Which update mode do you have configure?  Are you downloading the express versions of the updates as well?
update files and Languages what do you have configured?
0
dominicbenjaminAuthor Commented:
I have it set to option 4 in Group Policy - Auto Download and schedule the install time.  Have it set to not download express versions... But have changed that since your last post.  I have it set to only download English updates.
0
arnoldCommented:
Ok, give your wsus server time to download all the updates (express versions) and then see if this issue resolves itself.

0
dominicbenjaminAuthor Commented:
Hey Arnold,

It seemed like the computers started to report accurately again after I declined the .Net 3.5 update and enabled the express updates.  Thanks for your assistance!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.