[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 405
  • Last Modified:

"Windows can't check for updates" even though i have WSUS

Guys i am hoping to have some help here; i am new to WSUS and Group Policy; i setup WSUS and all my PC's are showing up but in AD i don't have WSUS policy turned on. however the computers on the network keep showing me "windows can't check for updates" error.

any ideas
0
NxJNY
Asked:
NxJNY
  • 20
  • 16
  • 2
  • +2
1 Solution
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Set your machines to point to the WSUS server (using group policy

Here is a useful guide: http://technet.microsoft.com/en-us/library/cc708519(WS.10).aspx 
0
 
NxJNYAuthor Commented:
Thanks Jmoody10 : so you think the errors mean these pc's are not seeing the wsus so it's giving that error?
0
 
MinoDCCommented:
If you have the Group policy management console,you can run the Group Policy result Wizard, insert pc name, and not insert users for policy. Next, you can view the policy that apply to the pc and view if it take something
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
Joseph MoodyBlogger and wearer of all hats.Commented:
I do.
0
 
Kruno DžoićSystem EngineerCommented:
remove proxy, update windows, add proxy back
0
 
Donald StewartNetwork AdministratorCommented:
Do you get an error from command prompt ?

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /s



if not please post a windowsupdate.log from a client PC
0
 
Kruno DžoićSystem EngineerCommented:
or he can check with command gpresult on client
0
 
Donald StewartNetwork AdministratorCommented:
The reg query is much simpler and quicker
0
 
Donald StewartNetwork AdministratorCommented:
There's alot of good help here


WSUS Troubleshooting Survival Guide

http://social.technet.microsoft.com/wiki/contents/articles/wsus-troubleshooting-survival-guide.aspx
0
 
NxJNYAuthor Commented:
This is the gp result file
Albert-gp-result.txt
0
 
Donald StewartNetwork AdministratorCommented:
0
 
Donald StewartNetwork AdministratorCommented:
I also noticed your GPO is labeled "WSUS 3.0 sp1"

If you havent already, you should update to SP2

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=a206ae20-2695-436c-9578-3403a7d46e40
0
 
NxJNYAuthor Commented:
all 3 PASS

Admin Rights - pass
Auto Updates Service -pass
BITS - pass
0
 
Donald StewartNetwork AdministratorCommented:
Are you on latest WSUS version ?

Any errors in windowsupdate.log ? <<post this
0
 
NxJNYAuthor Commented:
i am actually on the latest version; here is the logs
WindowsUpdate.log
0
 
NxJNYAuthor Commented:
i think i just uploaded the wrong file
0
 
Donald StewartNetwork AdministratorCommented:
Temporarily disable firewall on your WSUS server and check if error goes away
0
 
Donald StewartNetwork AdministratorCommented:
0
 
NxJNYAuthor Commented:
my wsus server firewall was always disabled
0
 
Donald StewartNetwork AdministratorCommented:
Ok, try the hotfix
0
 
NxJNYAuthor Commented:
Here is the result from the hotfix

 hotfix
0
 
Donald StewartNetwork AdministratorCommented:
Did all pass earlier ?

how does windowsupdate.log now look ?
0
 
NxJNYAuthor Commented:
this is the first time i ran the hotfix; attached are the logs
WindowsUpdate.log
0
 
Donald StewartNetwork AdministratorCommented:
run this .bat on that system and give it 5 minutes for windowsupdate.log to repopulate.


%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv 
%Windir%\system32\net.exe stop cryptsvc
 


if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  
if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 
if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  
if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 
if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  
if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  
if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  
if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  
if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  
if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  
if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll
if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll
if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll
if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll
if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll
if exist %windir%\system32\msxml.dll  %windir%\system32\regsvr32.exe /s msxml.dll
if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll
if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll
if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll
if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll
if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll
if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f



rd /s /q %windir%\softwareDistribution
del C:\Windows\WindowsUpdate.log /S /Q
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 


sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)


sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

wuauclt /resetauthorization /detectnow

exit /B 0

Open in new window

0
 
Donald StewartNetwork AdministratorCommented:
0
 
NxJNYAuthor Commented:
i failed to give you this information wearlier, i apologise. Some of the PC's are showing Windows can't check for updates and some of them are seeing the WSUS server.

i ran the script but still get the error
0
 
Donald StewartNetwork AdministratorCommented:
go over the verfying your settings links
0
 
NxJNYAuthor Commented:
everything looks legit on verify the settings; i am using wsus 3.0 so i verify with that version
0
 
Donald StewartNetwork AdministratorCommented:
So you went over these ?

http://technet.microsoft.com/en-us/library/dd939903(WS.10).aspx

http://technet.microsoft.com/en-us/library/dd939790(WS.10).aspx


At this point I would find it easier to start over and uninstall/reinstall WSUS

go over this step by step install(in case there was something missed first time around)

http://blogs.microsoft.co.il/blogs/yanivf/archive/2007/09/23/install-wsus-3-0-step-by-step.aspx





0
 
Donald StewartNetwork AdministratorCommented:
Also to back up a bit,

When you ran the .bat I posted earlier, did you run on a client or on the WSUS server ?

It needs to be run on clients
0
 
NxJNYAuthor Commented:
yes i ran it on client side . thanks
0
 
Donald StewartNetwork AdministratorCommented:
Ok, good...just wanted to be sure there wasnt any confusion.
0
 
Donald StewartNetwork AdministratorCommented:
Here's another article that pertains to the error you are getting

http://support.microsoft.com/kb/836941
0
 
NxJNYAuthor Commented:
after a reinstall of WSUS all my PC's that are showing up in WSUS are now saying "the computer has not reported status in 54 or more days"
0
 
Donald StewartNetwork AdministratorCommented:
Ok

You can now run this command on the PC's

wuauclt.exe /resetauthorization /detectnow
0
 
NxJNYAuthor Commented:
yep i tried that about 3 hours ago :)
0
 
Donald StewartNetwork AdministratorCommented:
how does the windowsupdate.log  look?
0
 
NxJNYAuthor Commented:
same error as before


PT        Server URL = http://192.168.111.233:8530/SimpleAuthWebService/SimpleAuth.asmx
PT      WARNING: GetAuthorizationCookie failure, error = 0x80244008, soap client error = 8, soap error code = 0, HTTP status code = 200
PT      WARNING: Failed to initialize Simple Targeting Cookie: 0x80244008
2PT      WARNING: PopulateAuthCookies failed: 0x80244008
PT      WARNING: RefreshCookie failed: 0x80244008
PT      WARNING: RefreshPTState failed: 0x80244008
PT      WARNING: PTError: 0x80244008
Report      WARNING: Reporter failed to upload events with hr = 80244008.
0
 
NxJNYAuthor Commented:
i tried deleting a PC from WSUS and removing the SUSID and ran the detectnow command and it did not show up back; not sure but i think the issue is related
0
 
NxJNYAuthor Commented:
i found out that the ip address was wrong on the "set the intranet update service for detecting updates. Thanks dstewartjr for all your help
0
 
Donald StewartNetwork AdministratorCommented:
Yeah, you should have noticed that here

http:#a35722349
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 20
  • 16
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now