plenum
asked on
WSUS updating client stop when not approved
Hi ,
I setup a WSUS server for my office and start to deploy some replicas for other offices.
Some updates are not approved yet but needed (ex : internet explorer 8) and it appears to block the upgrade process.
For instance, the first 20 updates will be installed on the client on the time I set in the GPO and then the 21rst which is a not approved update but needed blocks the rest of the update until the next schedule.
Now, I wish to find the solution to have all the approved updates installed in one go rather than being blocked by not approved yet updates.
Thanks in advance ,
Regards,
OEGC
I setup a WSUS server for my office and start to deploy some replicas for other offices.
Some updates are not approved yet but needed (ex : internet explorer 8) and it appears to block the upgrade process.
For instance, the first 20 updates will be installed on the client on the time I set in the GPO and then the 21rst which is a not approved update but needed blocks the rest of the update until the next schedule.
Now, I wish to find the solution to have all the approved updates installed in one go rather than being blocked by not approved yet updates.
Thanks in advance ,
Regards,
OEGC
ASKER
thanks for the answer : I took IE8 as an example but I have other not approved updates such as .net Services pack. I can insure it s not a problem with pending reboot : I just did again a test this morning with a pc which was expecting 126 updates and I had to install a first set of 72,reboot tothen enable the download and installation of the remaining patches.
In WSUS, Clients report to the server for available updates. If these updates are not yet approved the client cant pull them from the server. Also WSUS wont even download the updates until they are approved(This is after initial synchronization).
Some more information here:
http://technet.microsoft.com/en-us/library/cc512630.aspx
Also look at Automatic Approval rules:
http://technet.microsoft.com/en-us/library/cc708458(WS.10).aspx
Some more information here:
http://technet.microsoft.com/en-us/library/cc512630.aspx
Also look at Automatic Approval rules:
http://technet.microsoft.com/en-us/library/cc708458(WS.10).aspx
ASKER
so you said that the only chance to run the whole process is to approve or decline all updates and I can not leave some upgrades not approved..
There are updates that won't install until other updates are first installed, like windows installer for ex. Until the latest windows installer is installed then the next group can install
ASKER
I might agree but how do you explain that if I can install a first block of upgrades manually,reboot then the second block which was blocked before is now released and ready to be installed .
"how do you explain that if I can install a first block of upgrades manually,reboot then the second block which was blocked before is now released and ready to be installed ."
Is this while all the updates are approved?
You're making this into more than it needs to be. Look at your c:\Windows\windowsupdate.l og which will give you clues. What is your reasoning for installing in "Blocks" ?
If you're concerned with bandwidth, you can throttle it.
http://blogs.technet.com/sus/archive/2008/06/30/wsus-how-to-throttle-bits.aspx
http://blogs.technet.com/sus/archive/2008/11/19/more-on-throttling-wsus-downloads.aspx
Is this while all the updates are approved?
You're making this into more than it needs to be. Look at your c:\Windows\windowsupdate.l
If you're concerned with bandwidth, you can throttle it.
http://blogs.technet.com/sus/archive/2008/06/30/wsus-how-to-throttle-bits.aspx
http://blogs.technet.com/sus/archive/2008/11/19/more-on-throttling-wsus-downloads.aspx
ASKER
What I meant by block si the following : if I go on WSUS and check the updates needed by a pc, I have a report that will say for example : 100.
On those 100, I have the last 25 approved and downloaded.then the 26 is not approved and any other one that are approved are not downloaded.
Now, if I install manually those 25 updates then reboot, the 26th will remain on the list of updates needed but not aprroved and the rest of the updates will be downloaded.
I also noticed that the SP3 for Windows XP does not get downloaded and installed as any other update and require a manual installation
On those 100, I have the last 25 approved and downloaded.then the 26 is not approved and any other one that are approved are not downloaded.
Now, if I install manually those 25 updates then reboot, the 26th will remain on the list of updates needed but not aprroved and the rest of the updates will be downloaded.
I also noticed that the SP3 for Windows XP does not get downloaded and installed as any other update and require a manual installation
My question is there a reason you are not approving all the needed updates??? Look on the front page at your download status, are there files still being downloaded?
Yes, service packs and IE7/IE8 will need user interaction(manual install)
WSUSDownloadStatus.png
Yes, service packs and IE7/IE8 will need user interaction(manual install)
WSUSDownloadStatus.png
ASKER
thx for that..Yes : We don t want to deploy right now SP for MSFramework .net or any new version as we need to test those before.
I m still very curious to understand why it does not install all approved updates and let the unapproved but needed ones off the process. To do so, I have to run manually the install or wait for the scheduled installation.
I m still very curious to understand why it does not install all approved updates and let the unapproved but needed ones off the process. To do so, I have to run manually the install or wait for the scheduled installation.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Toolkit to Disable Automatic Delivery of Internet Explorer 8
The most likely reason the updates are not continuing is because of a pending reboot.