Methodman85
asked on
WSUS - Computers are being restarted even with No-Auto restart policy set
Hello Everyone,
Users are complaining that their computers a restarting on certain nights due to Windows Updates.
Our WSUS server is set with default options - to automatically approve critical updates. Set a deadline for the approval is UNCHECKED.
The GPO settings are shown below. Any idea why some systems reset over night, while the users are logged in with their computers locked?
Windows Components/Windows Updatehide
Policy Setting Comment
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day: 0 - Every day
Scheduled install time: 03:00
Policy Setting Comment
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates Enabled
No auto-restart with logged on users for scheduled automatic updates installations: Enabled
Re-prompt for restart with scheduled installations: Enabled
Wait the following period before
prompting again with a scheduled
restart (minutes): 600
Policy Setting Comment
Reschedule Automatic Updates scheduled installations Enabled
Wait after system
startup (minutes): 5
Users are complaining that their computers a restarting on certain nights due to Windows Updates.
Our WSUS server is set with default options - to automatically approve critical updates. Set a deadline for the approval is UNCHECKED.
The GPO settings are shown below. Any idea why some systems reset over night, while the users are logged in with their computers locked?
Windows Components/Windows Updatehide
Policy Setting Comment
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day: 0 - Every day
Scheduled install time: 03:00
Policy Setting Comment
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates Enabled
No auto-restart with logged on users for scheduled automatic updates installations: Enabled
Re-prompt for restart with scheduled installations: Enabled
Wait the following period before
prompting again with a scheduled
restart (minutes): 600
Policy Setting Comment
Reschedule Automatic Updates scheduled installations Enabled
Wait after system
startup (minutes): 5
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, anytime you have to type in a username & password on a computer that is joined to a domain, a DC has to authenticate it if it is logged out or locked. The reason I know this, I had to call Microsoft Gold Support for a similair issue several months ago.
If you have a Windows 2008 DC on your LAN, lock a computer then go into active directory & look at the user or computer account & it will show logged off/locked. A Win 2003 DC does not show this setting in AD but it looks at it the same way, the setting is just not there for an admin to see.
Hope this helps.
If you have a Windows 2008 DC on your LAN, lock a computer then go into active directory & look at the user or computer account & it will show logged off/locked. A Win 2003 DC does not show this setting in AD but it looks at it the same way, the setting is just not there for an admin to see.
Hope this helps.
ASKER
hrm, interesting. If that's the case, I wonder why a net user <username> doesn't register a logon time when I unlock the computer. I definitely believe you though. Unfortunately I don't have a 2008 DC on my network yet.
Is there any documentation that supports this behavior?
Is there any documentation that supports this behavior?
I don't know of any documentation although I will search my emails for the ticket from Microsoft when they closed my call because it references what I mentioned.
ASKER
Also, how come this never seems to happen to servers? Why only on client machines? Have you noticed this same behavior?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
"Re-prompt for restart with scheduled installations: Enabled "
This is the reason the computers are rebooting. This is the reminder that a update that needed a reboot will do so in "Wait the following period before prompting again with a scheduled restart (minutes): 600 "
This is the reason the computers are rebooting. This is the reminder that a update that needed a reboot will do so in "Wait the following period before prompting again with a scheduled restart (minutes): 600 "
ASKER
SO then why does it not just re-prompt and leave it at that. I thought that just tells it how long to wait before displaying that annoying "Your system needs to be restarted message"
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The link says:
"Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart.
If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed."
So doesn't that mean that the prompt will show up again after the number of minutes. It's not saying that the computer will restart without re-prompt after the number of minutes
"Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart.
If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed."
So doesn't that mean that the prompt will show up again after the number of minutes. It's not saying that the computer will restart without re-prompt after the number of minutes
ASKER
Line 1 and line 2 of the description seem to be saying different things lol.
"If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed."
Meaning that how ever long it gets postponed, when that time has elapsed it will reboot. It does not just postpone the message.
Meaning that how ever long it gets postponed, when that time has elapsed it will reboot. It does not just postpone the message.
ASKER
yes but what about the first line "Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart.
Yes, it will prompt again and if no response(machine is locked) it will reboot in 5 minutes. There is a good reason for restarting. Further updates will not install until a pending reboot is taken care of. Some updates cannot install without a reboot because the file that they need to update is in use.
It's probably better to explain it as "Delay countdown timer before automatic restart"
ASKER
I see, I'm just running a quick test, I have it set to download and schedule install at 6:00PM on my test system. I will click restart later when the prompt comes up at that time. Then I will lock the machine (I have re-prompt set to 5 mins). It should restart 5 minutes after correct?
Did you read "Rob's notes" from the earlier link? ;^)
ASKER
So if I don't configure the Reprompt option, the computers will stop restarting when someone is logged on, no matter how long they're idle?
Sorry I'm being so difficult. But if I remove the delay of 300 minutes before reprompt, the users will be prompted every 10 minutes, but they're systems will never restart unless the tell it to?
But if I leave the delay they will continue to restart if the prompt isn't answered.
Sorry I'm being so difficult. But if I remove the delay of 300 minutes before reprompt, the users will be prompted every 10 minutes, but they're systems will never restart unless the tell it to?
But if I leave the delay they will continue to restart if the prompt isn't answered.
ASKER
Are you saying that Locked and Logged Out = Same?