Solved

WSUS clients not all updating

Posted on 2009-07-13
17
548 Views
Last Modified: 2016-02-21
Hi,
Here is my issue.
I am taking on monitoring WSUS from a previous already configured set up. I was told it is set up at a central location to push out updates to all domain controllers on the network and then the domain controllers send out alerts to all computers to go to the update website and down load the updates. I am trying to learn as much as I can as quick as I can on this subject but I need some answers soon. I have some pc that under last status report they have a "not yet reported" status. Can anyone point me in the right direction on that one??? Also under 'downstream servers' there is nothing there, which may be completely normal. However how I understood it was that if the main server that pulls the updates from Windows and pushes them to the domain controllers which should be downstream  servers. Unless they aren't set up as replica servers, would that be the reason?? Thank you any help is appreciated!!
0
Comment
Question by:INSL
  • 8
  • 4
  • 3
  • +1
17 Comments
 
LVL 10

Accepted Solution

by:
sublifer earned 250 total points
ID: 24843633
If you pulled your computer list from AD then most likely the  "not yet reported"  message indicates stale entries in AD, probably older computers that were replaced, rebuilt, or computers whose names have been changed.  You'll want to check each on a case by case basis to see if you need to delete it from AD.

As for the other, yes it sounds like the DC's weren't set up as replicators.  Not a problem unless you're pushing your patches to multiple locations (with the DC being at that location) with limited available bandwidth.
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 250 total points
ID: 24843677
" I was told it is set up at a central location to push out updates to all domain controllers on the network and then the domain controllers send out alerts to all computers to go to the update website and down load the updates"
All clients(including Servers) Pull their updates from the Wsus Server and report thier status.
Post your Windowsupdate.log for troubleshooting the "Not yet Reported"
It doesnt sound like your environment is configured with "Replica Servers"
 
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 24843719
Let me reiterate, there is absolutely no pushing of updates when it comes to Windows Updates/WSUS updates. There is what is called the WUA(Windows Update Agent) which is installed on all systems. This agent queries either WSUS or Windows Update for available updates.
0
 
LVL 2

Expert Comment

by:cincytopher
ID: 24843871
Dstewartjr is correct.  The updates are pulled from the wsus server.  Also, you said that domain controllers send out alerts to all computer to go the update website and down load the updates.  Alerts are not sent out, rather client randomly check in to the wsus server and download updates if needed and update their status.  This is usually done through group policy in the domain.  You can configure everything from what group the client goes in, to how the updates are installed, to how often the clients check in.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 24843920
Post your Windowsupdate.log for troubleshooting the "Not yet Reported"
We will be able to figure out your issue from there.
0
 
LVL 1

Author Comment

by:INSL
ID: 24844991
Here is the log file from the server that is hosting the WSUS.
I only put on about a months worth..not to sure if that is way too much or if you want the whole log which is from about May.

Thanks for all the help!!
WindowsUpdate1.txt
0
 
LVL 10

Expert Comment

by:sublifer
ID: 24846040
Your proxy isn't configured correct for   mail01.cervuscorp.com

Take a look at this kb for that

http://support.microsoft.com/kb/900936

For that "not yet reported" error, you need the windowsupdate.log from a client machine experiencing the problem, not the server.  If you don't see any problems then its as I said above, stale computer instances.
But, after seeing that log from your server it looks more like the server has been misconfigured and dependent clients aren't able to communicate with the server.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 24846197
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:INSL
ID: 24850358
Ok I will track down a client log file.. my bad
0
 
LVL 2

Expert Comment

by:cincytopher
ID: 24850513
We actually need the log file of the client that is not reporting.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 24851996
a posting of your clientdiag results may also help too.


http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE


Do this on a client not reporting
0
 
LVL 1

Author Comment

by:INSL
ID: 24852896
This is a log file of a client that is not reporting.
I have attached the entire file.
WindowsUpdate.log
0
 
LVL 10

Expert Comment

by:sublifer
ID: 24858086
I see a few things to check, first make sure your WSUS site has the selfupdate folder.
Next verify that the IUSR\  account has read (and maybe write) access to the WSUS content folders.
Also seeing what looks like proxy errors but could be related to the above so check those first.  If the above didn't help, try adding your WSUS servers to the proxy bypass list.

0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 24859476
The error in your log usually refers to a bug with office 2003
 
http://www.expta.com/2008/10/fix-for-0x8024400e-errors-on-wsus.html
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 24859557
0
 
LVL 1

Author Comment

by:INSL
ID: 24861391
Thank you for all the help I will look into it all.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 24861516
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now