?
Solved

Disconnected WSUS

Posted on 2011-03-14
19
Medium Priority
?
457 Views
Last Modified: 2012-05-11
Hi all,

I am deploying a disconnected WSUS server on a network that doesn't have any internet connection. I have followed Microsoft direction from the start, beginning at creating a WSUS server on a connected network, downloading updates, approving the ones I needed and exporting the .cab and .log files along with copying all the updates onto the disconnected server. The problem that I am having is that I cannot get any clients to connect to the WSUS server automatically, even logged in as administrator on the client.
Also, if I am logged in as administrator on a client machine, i can do wuauclt.exe /detectnow, it will find the wsus and start downloading updates, otherwise it will not look for it by itself. If I log in as a regular user without admin right, it will not even do anything with the command above, the event log will say no permission to do so. Are there any ways around any of these obstacles?

Thank you,

Mike.
 

Thank you,

Mike.
0
Comment
Question by:mprakhye
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
19 Comments
 
LVL 13

Expert Comment

by:CrashDummy_MS
ID: 35132923
Could you create a daily scheduled task, run as administrator to run "wuauclt.exe /detectnow" ?
0
 
LVL 3

Expert Comment

by:AndrewK80
ID: 35136466
Have you configured group policy correctly to set the update time/settings for the client machines?
0
 

Author Comment

by:mprakhye
ID: 35137398
Yes, I have configured group policy to check for updates every hour, every day. The regular user who logs in to that network does not have any rights at all, therefore even if I run the wuauclt.exe /detectnow command it will not work due to permission errors.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35138674
"The regular user who logs in to that network does not have any rights at all, therefore even if I run the wuauclt.exe /detectnow command it will not work due to permission errors. "

If you enable "Allow non-admins to receive update notifications" then normal users can install windows updates
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35138730
If you would like a good explanation of all the settings read here


http://community.spiceworks.com/how_to/show/1390
0
 

Author Comment

by:mprakhye
ID: 35189790
Thank you for your replies. I have configured everything as per microsoft, but I am getting events in the event log, such as "SelfUpdate is not working" and so on for each service. Also, running the wsus diags it returns an error with VerifyWUServerURL() failed with hr=0x800710dd. I have tried everything ti make it work and running out of ideas. I have setup one disconnected WSUS already for a similiar network and it works just fine. I have checked all the permissions and reset the IUSR_SERVER password to make sure it syncs as well. I cannot reach http://servername/uiudent.cab, it tells me I am not authorized to view this page.

If anyone has any ideas I would appreciate it!

Mike.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35190132
0
 

Author Comment

by:mprakhye
ID: 35190868
Followed all the directions, but the errors still persist. The services do not start and still cannot reach the can file.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35191146
See if there's some setting you may have missed

http://technet.microsoft.com/en-us/library/cc708545%28WS.10%29.aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35191212
0
 

Author Comment

by:mprakhye
ID: 35191618
Just to double check, the first link from microsoft states that only the WSUSAdmin and SelfUpdate has to have Windows intergrated authentication enabled, but the second link states that all of the virtual directories should have windows authentication.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 35191646
Follow microsoft, the second link was meant to tie in with your error code :)
0
 

Author Comment

by:mprakhye
ID: 35191830
I have updated both virtual directories, one under default websites on port 80 and the second on WSUS website on port 8530, to have both anonymous and windows intergrated, restarted IIS, but it did not make any difference. Running the diags still shows:

When trying to visit http://servername/iuident.cab
You are not authorized to view this page.

VerifyWUServerURL() failed with hr=0x800710dd.
The identifier is not valid

Running the healthcheck shows: SelfUpdate is not working (same for all other services)
0
 

Author Comment

by:mprakhye
ID: 35191856
Also, I do not have the WSUSAdmin directory in my IIS, not sure if that is relevant.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35191959
At this point it would be easier to uninstall/reinstall IIS/asp.net and uninstall/ reinstall WSUS. You should also not need to manually configure any IIS settings(WSUS setup does this).
You "may" need to refer to these:

How to manually remove all of WSUS

http://blogs.technet.com/b/sus/archive/2008/11/05/how-to-manually-remove-all-of-wsus.aspx


Uninstalling Windows Internal Database

http://technet.microsoft.com/en-us/library/cc708610(WS.10).aspx
0
 

Author Comment

by:mprakhye
ID: 35193162
I have uninstalled WSUS 3 SP2 and uninstalled the windows internal database as well. Reinstalled the database and reinstalled the WSUS without importing any updates. Same errors in the event log and with the diags.

VerifyWUServerURL() failed with hr=0x800710dd.
The identifier is not valid

None of the services are starting...
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35193620
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35193693
Also during your uninstalls earlier, did you uninstall both IIS and ASP.NET like I suggested ?
0
 

Author Closing Comment

by:mprakhye
ID: 35282529
I had to assign WIA to some virtual Directories, they it would start working as its supposed to. Thanks!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question