Removing WSUS and changing Group Policy and clients to reflect uninstallation

I dont condone not using WSUS, so here's a great step by step to get you back up and running.


http://blogs.microsoft.co.il/blogs/yanivf/archive/2007/09/23/install-wsus-3-0-step-by-step.aspx


I can also help you if you have any problems during the reinstall.

if you did with registry, here are the settings that you will have to change, see article below;

http://technet.microsoft.com/en-us/library/cc708449(WS.10).aspx

if the policy was a GPO, following was done and need to be altered/removed;

http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx

Shabhi

After reading dstewartjr and shabhi, I clearly did not configure everything that needed to be configured to use wsus properly.  I do want to use it after reading these posts however.  But I'd like to start from scratch.  Here's my issue - many of the clients successfully used WSUS as evidenced by the clients themselves and the wsus server logs and reports.  Many did not though.  Thus my frustration.  I don't remember exactly what I did to install it (but believe me I personally did).  After trying to retrace my steps unsuccessfully I just uninstalled wsus from the server and tried forcing group policy update on a test workstation.  It didn't work.  I don't believe I used the registry alone to configure it.  However there is a reg key HLKM\software\policies\microsoft\windows\windows update that is listing my domain controller (the wsus server) as the update server.  I left this alone and started writing this reply.  Nothing in group policy object editor is configured, but the wuau.adm template was installed.  Each component of Windows UPdate is "not configured".  How was I ever running wsus successfully on some machines.  My problem is - I need to start over but I can't seem to reverse the things I've done as the test client is not allowing a change to the Automatic Updates setting.  It's obviously still looking to the wsus server via group policy, right??  Please help.  When I'm done reversing what I've clearly messed up I am going to try wsus again with your instructions.  thanks

Another thing - I'm assuming I need GPMC and that it does not come by default with Windows Server 2003 R2.  Should I just find this on microsoft?

You need to install admin pack for windows server available at micrisift downloads


GPMC is part of the pack
 Link is Download.microsoft.com

Now your previous comment:

I will list down the steps to uninstall and then install the WSUS in your envoirnment.

1) Identify all the GPO that are pushing the policy and to what clients.

2) Review the GPO and find out the settings (I recommend that you share the settings here before any action)

3) Identify the WSUS server name in GPO is correct or not.

4) If server name is incorrect, change it.

5) Make the rest of the policy changes as required (we can discuss this in detail once we know what is in the GPO)

6) Apply the policy to required clients.

7) On one client at command prompt(as admin), issue the following two commands;

Gpupdate /force

Wait for the policy to be applied.

Then give command;

Wuauclt.exe /updatenow


8)Check the registry keys in my first post;

 

All values including the server name must be there in client registry.

9) If WUAUCLT /updatenow returns error, it means there is problem with your wsus server.

10) In case no problems, go to http://wsusservername/wsus/admin

And see that the clients will start to show up

11) For these clients  you will have to configure updates as per requirment.

Shabhi

How to manually remove all of WSUS

and you will also need to run:



On 32-bit platforms: msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} callerid=ocsetup.exe

On 64-bit platforms: msiexec /x {BDD79957-5801-4A2D-B09E-852E7FA64D01} callerid=ocsetup.exe

 

Got the gpmc installed.

There is nothing configured in GPO Editor, I mean nothing.  Everything is "not configured"

LOL ...."10) In case no problems, go to http://wsusservername/wsus/admin"

WSUS 3 no longer uses the browser to administer WSUS, You must use the MMC.

Incase you plan to go ahead on point 5, you can follow steps in my first post and define according to your company policy guideline for clients updates.

Shabhi

What is the result from command prompt:


reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"

Screenshot of "nothing" attached.  Each module is like this
GPO-SS.JPG

If you run rsop.msc you can track down which gpo is applying the WSUS setting

Yup, right, if wsus3 then, correct but I am assuming a year old installation on 2003

:)

Authors first sentence  "I've been running WSUS 3."

GeorgeMartin…, your screenshot is of a Local computer policy, not a Group policy.

Missed it, I am on mobile device.

Please review the procdure and suggest any thing you see alternate to situation.

I will come back online once I am back in the city.

Shabhi

ran rsop.msc.  Default domain policy is the culprit.  I am assuming I installed the snap in incorrectly for Group Policy Object Editor and thought it was for the domain, seems I installed it for "local machine" only.  Sound right?  
Okay, how do I reverse this mess I made . . . now that I can see it's the default domain policy and the update server is indeed listed therein as my domain controller, also evidenced in regedit.

thanks so much

You can safely, leave the gpo as it is since you are reinstalling WSUS

Unless you have any errors/troubles during the uninstall and reinstall of WSUS, the guide I provided will step you through getting back up.

The manual steps I provided are incase there were problems or difficulty uninstalling.

Are the step-by-steps complete?  THat is, do they assume that nothing else is done on the server other than what is outlined in the steps?  I sometimes find that professionals assume a layman has taken some "pre-steps" or has already done this or that to the network or server or policy that would be required to make something else work.  Take it from a layman . . . we have not.
thanks

Of course its complete, even has screenshots of each step.

Ouch.  Setup wsus failed.  Screenshot attached.  I followed all of the steps from the link above to manually remove wsus.  at the wsus setup screen to choose a database the middle option, as outlined in dstewartjr's step-by-step, was grayed out, leaving me with only the first (D:\WSUS) or last.  I choose the first.  Guess I did something wrong or missed something.  Please advise.  thanks

forgot to attach
setup-failed.JPG

tried again.  another screenshot attached.  it's looking for the thing I stopped and deleted when manually removing.  I'm guessing it needs it and doesn't recreate it during installation.  
sqlss.JPG

You da  . . . man (I'm assuming)

After running 'msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} callerid=ocsetup.exe' I still only had the first (and third) option for database instance, not the "default" instance as outlined in the step by step.  But the install seemed to be successful.  After about 20 hours all clients have yet to report status.  I tried forcing by running some commands (resetauthorization, detectnow, updatenow).  No luck.  Should I be able to connect to the wsus from a client machine by going to http://wsusservername:port?  If so, I cannot.  I tried port 80, 443, and 8530.  If I go to http://wssusservername I get "Under Construction", which seems to be appropriate.  My reg keys list the correct server.  The GPO "default domain policy" had some of the old installation's configuration so I changed all the settings therein to "not configured".  I am assuming this is okay since a new GPO was created (WSUS Policy) for automatic updates, as per the instructions.  Could this have affected it?  Do I just need to wait longer for clients to report?  Please advise.  Thanks

forgot to mention that I read http://technet.microsoft.com/en-us/library/cc708627(WS.10).aspx

Excerpt below:

To troubleshoot client connectivity
Open a command window.

Contact the WSUS server: pingWSUSServerName

Contact the WSUS HTTP server. Open Internet Explorer and in the Address bar type: http://WSUSServerName:portNumber where WSUSServerName is the name of the WSUS server, and portNumber is the port that has been configured for it (for example, 80 for HTTP, 443 for SSL, and 8530 for a custom port).

Verify the existence of the self-update tree. In an Internet Explorer Address bar type http://WSUSServerName/selfupdate/wuident.cab

If the WSUS server is functioning properly, you should see a File Download window asking you whether to open or save the file. Close the window.

End excerpt.

The only step above that seemed to function properly was pinging the server.