Solved

WSUS clients not all updating

Posted on 2009-07-13
17
562 Views
Last Modified: 2016-02-21
Hi,
Here is my issue.
I am taking on monitoring WSUS from a previous already configured set up. I was told it is set up at a central location to push out updates to all domain controllers on the network and then the domain controllers send out alerts to all computers to go to the update website and down load the updates. I am trying to learn as much as I can as quick as I can on this subject but I need some answers soon. I have some pc that under last status report they have a "not yet reported" status. Can anyone point me in the right direction on that one??? Also under 'downstream servers' there is nothing there, which may be completely normal. However how I understood it was that if the main server that pulls the updates from Windows and pushes them to the domain controllers which should be downstream  servers. Unless they aren't set up as replica servers, would that be the reason?? Thank you any help is appreciated!!
0
Comment
Question by:INSL
  • 8
  • 4
  • 3
  • +1
17 Comments
 
LVL 10

Accepted Solution

by:
sublifer earned 250 total points
ID: 24843633
If you pulled your computer list from AD then most likely the  "not yet reported"  message indicates stale entries in AD, probably older computers that were replaced, rebuilt, or computers whose names have been changed.  You'll want to check each on a case by case basis to see if you need to delete it from AD.

As for the other, yes it sounds like the DC's weren't set up as replicators.  Not a problem unless you're pushing your patches to multiple locations (with the DC being at that location) with limited available bandwidth.
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 250 total points
ID: 24843677
" I was told it is set up at a central location to push out updates to all domain controllers on the network and then the domain controllers send out alerts to all computers to go to the update website and down load the updates"
All clients(including Servers) Pull their updates from the Wsus Server and report thier status.
Post your Windowsupdate.log for troubleshooting the "Not yet Reported"
It doesnt sound like your environment is configured with "Replica Servers"
 
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24843719
Let me reiterate, there is absolutely no pushing of updates when it comes to Windows Updates/WSUS updates. There is what is called the WUA(Windows Update Agent) which is installed on all systems. This agent queries either WSUS or Windows Update for available updates.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 2

Expert Comment

by:cincytopher
ID: 24843871
Dstewartjr is correct.  The updates are pulled from the wsus server.  Also, you said that domain controllers send out alerts to all computer to go the update website and down load the updates.  Alerts are not sent out, rather client randomly check in to the wsus server and download updates if needed and update their status.  This is usually done through group policy in the domain.  You can configure everything from what group the client goes in, to how the updates are installed, to how often the clients check in.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24843920
Post your Windowsupdate.log for troubleshooting the "Not yet Reported"
We will be able to figure out your issue from there.
0
 
LVL 1

Author Comment

by:INSL
ID: 24844991
Here is the log file from the server that is hosting the WSUS.
I only put on about a months worth..not to sure if that is way too much or if you want the whole log which is from about May.

Thanks for all the help!!
WindowsUpdate1.txt
0
 
LVL 10

Expert Comment

by:sublifer
ID: 24846040
Your proxy isn't configured correct for   mail01.cervuscorp.com

Take a look at this kb for that

http://support.microsoft.com/kb/900936

For that "not yet reported" error, you need the windowsupdate.log from a client machine experiencing the problem, not the server.  If you don't see any problems then its as I said above, stale computer instances.
But, after seeing that log from your server it looks more like the server has been misconfigured and dependent clients aren't able to communicate with the server.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24846197
0
 
LVL 1

Author Comment

by:INSL
ID: 24850358
Ok I will track down a client log file.. my bad
0
 
LVL 2

Expert Comment

by:cincytopher
ID: 24850513
We actually need the log file of the client that is not reporting.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24851996
a posting of your clientdiag results may also help too.


http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE


Do this on a client not reporting
0
 
LVL 1

Author Comment

by:INSL
ID: 24852896
This is a log file of a client that is not reporting.
I have attached the entire file.
WindowsUpdate.log
0
 
LVL 10

Expert Comment

by:sublifer
ID: 24858086
I see a few things to check, first make sure your WSUS site has the selfupdate folder.
Next verify that the IUSR\  account has read (and maybe write) access to the WSUS content folders.
Also seeing what looks like proxy errors but could be related to the above so check those first.  If the above didn't help, try adding your WSUS servers to the proxy bypass list.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24859476
The error in your log usually refers to a bug with office 2003
 
http://www.expta.com/2008/10/fix-for-0x8024400e-errors-on-wsus.html 
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24859557
0
 
LVL 1

Author Comment

by:INSL
ID: 24861391
Thank you for all the help I will look into it all.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24861516
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Usually shares are where we want them for our users and we tend to take them for granted. There are times, however, when those shares may disappear causing difficulty for your users. One of the first things to try is searching for files that shou…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question