Solved

Automatic Windows Update

Posted on 2012-04-04
34
252 Views
Last Modified: 2012-04-13
Attached is a screenshot of my Automatic Updates settings.    I do not turn my PC off at night.  I went out to Windows Update Web site and see several security updates from November 2011 that have not downloaded nor are they installed.

What could we have wrong ?

I am on  Windows XP sp3
windows-update.jpg
0
Comment
Question by:bankwest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 17
  • 12
  • 2
  • +3
34 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37807321
Have you checked the GPO Settings to make sure the downloaded updates are being applied?

http://support.microsoft.com/kb/328010
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37807323
Are they critical updates, or optional ones?  Have they been superceded?
0
 

Expert Comment

by:vlsllp
ID: 37807361
Check with your IT person. ask them about your Group Policy Settings.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 41

Expert Comment

by:Adam Brown
ID: 37807364
If you have WSUS on your network and are using that to push updates to clients, the updates have to be approved in WSUS before they will show up for the clients.
0
 

Author Comment

by:bankwest
ID: 37807365
They are all high priority and critical updates....
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37807369
Also, if using WSUS, accept updates and verify GPO are pushing WSUS settings and updates to PC correctly. Per my linked article above
0
 

Author Comment

by:bankwest
ID: 37807385
I am kinda lost here.     We did have WSUS running.....Changes to network and managment cancelled contract with outside consultant before they completed setting it up again.  

So I guess I need to figure out HOW to set it up.
0
 

Author Comment

by:bankwest
ID: 37807387
BTW....I knew WSUS was not running BUT thought the consultant set GPO to do it that way
0
 
LVL 2

Expert Comment

by:active8it
ID: 37807446
you need to remove the wsus gpo from your domain controller or point it to a functional wsus server. once this has been changed your pc will then either go direct to windows update or use the new wsus server
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37807578
Yes.  It's likely your system is looking for the (now non-existent) WSUS server to pull updates from.  Fixing the GPO defining that should address the issue.
0
 

Author Comment

by:bankwest
ID: 37812923
I have opted to "take the bull by the horns" and install WSUS.   I found good step by step instructions online but now have a question.

My server that I am going to run WSUS from and pull the updates, is Donald
My domain server is Bones where computer and user GPO is maintained.

On the instructions it says :
Step 5 contains the following procedures:
•      Add the WSUS Administrative Template.
•      Configure Automatic Updates.
•      Point your client computer to your WSUS server.
•      Manually initiate detection by the WSUS server.
Perform the first three procedures on a domain–based Group Policy object.
To add the WSUS Administrative Template
1.      In Group Policy Object Editor, click either of the Administrative Templates nodes.
2.      On the Action menu, click Add/Remove Templates and then click Add.
3.      In the Policy Templates dialog box, click wuau.adm, and then click Open.
4.      In the Add/Remove Templates dialog box, click Close.

I do this on Bones and it is not finding the wuau.adm file.

Am I approaching this correctly?
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37813198
It should be in C:\Windows\INF.  Look on any other machine to see if they have it and just copy it over.
0
 

Author Comment

by:bankwest
ID: 37813783
Ok....Got that....Now it says:

 To manually initiate detection by the WSUS server
1.      On the client computer, click Start, and then click Run.
2.      Type cmd in the Open box, and then click OK.
3.      At the command prompt, type wuauclt.exe /detectnow. This command-line option instructs Automatic Updates to contact the WSUS server immediately.

But on Donald - WSUS console....no computers are showing up.    and when I do the wuauclt.exe /detectnow.....should I see something happen in the cmd window?   I hit enter and it just drops down a line with a new prompt.    Doesn't say anything....
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37813950
I expect they'll show up eventually.  Give it an hour or so?  You may need to reboot the clients as well (I don't recall).
0
 

Author Comment

by:bankwest
ID: 37816550
Guess I am missing something in the setup....I waited overnight...All users do shutdowns or restarts.    Still nothing showing in the console.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37816589
Are you sure the policy is being applied at the client?  If you run RSOP on a client, can you verify the WSUS policy is applied?
0
 

Author Comment

by:bankwest
ID: 37816692
WSUS Server - Donald
Domain Server - Bones
My PC - xx101

I tried to run rsop.msc on xx101 and it will not load.   Keep getting server messages that say:
The following error occurred in C:\Windows\Inf\AER_1028.adm on line 189: Error 64.   Help string specified more than once.....The file can not be loaded.      
Same error, only thing that seems to change is I had one that was AER_1044

So I tried rspo.msc on Bones....   I got that one to load and looked at the GPO.  

Administrative templates > Windows Components > Windows Update and I can see the policy that is applied.  

This is for getting the updates....  I think I am okay there.

What policy tells the client to check in with WSUS??

Think I might be getting myself confused.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37816699
Try running GPResult at the command prompt on xx101.

The group policy itself should be applied to the clients, telling them to acquire their updates from the WSUS server.
0
 

Author Comment

by:bankwest
ID: 37816762
Please see attached screenshot.   The GPO policy that has the WSUS settings are in
bwok default domain policy
GPResult.jpg
0
 

Author Comment

by:bankwest
ID: 37817664
AHHHHHHHHHHH!!!!    Think I found my problem.   In configuration.   Looked at it too many times I think.    I now have clients starting to show up.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37823239
Glad to hear it.
0
 

Author Comment

by:bankwest
ID: 37823274
paulmacd,

Can I leave this open for a few more days in case I need some further assistance as I finish it up?

Thanks
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37823283
It's your post my friend.  You can do whatever you like!
0
 

Author Comment

by:bankwest
ID: 37825299
I have one client...Windows XP (have several just like it) and it is not showing up in the admin console.   I have done gpupdate /force.    I have tried wuauclt.exe /detectnow and still nothing.    I have looked at the windows update log.   See attached.
I have done the gpresult and it shows the GPO applied.

BUT,  (second screenshot) the client is showing updates now on the lower right of the screen that updates are ready.

Any idea why I can't get it to show up in the WSUS admin console?
Windows-Update2.jpg
WindowsUpdate.log
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37825355
This error "Send failed with hr = 80072ee2" is a timeout.  Is it possible this machine has a firewall or some other piece of software that would stop it from actually contacting the WSUS server?  

Can you ping the WSUS server from this machine?  

What happens when you click on this link: http://donald:8530/SimpleAuthWebService/SimpleAuth.asmx
0
 

Author Comment

by:bankwest
ID: 37825424
I changed the WSUS server to : http://donald 

And on the WSUS admi console I dont have a proxy server set up......Should I????   and assign a port????

In the log,  On April 6, it shows that change.     If I click on the url you listed above, and remove the:8530
then I get a window that says:    SimpleAuth with a hyperlink for GetAuthorizationCookie and one for Ping.
0
 

Author Comment

by:bankwest
ID: 37825426
Oh, and yes I can ping the WSUS server from the client
0
 

Author Comment

by:bankwest
ID: 37827723
Discovered the problem.   Duplicate SUSclientID.   I deleted that on the client, restarted the client, ran wuauclt /resetauthorization /detectnow and it was almost immediate that the client is now showing in the WSUS console.
0
 

Author Comment

by:bankwest
ID: 37839707
Think I am about ready to put this to bed......LOL
Final question, I think,...When we had WSUS before, we had 2 clients in test group that got updates downloaded and installed automatically.   I have that set that way again.    The rest of the clients were in a group, lets call it Users.    Then every week I would review the updates that were downloaded to WSUS and typically approve them to install.  

Here lies the question.    It use to download to the client???  or be ready to update and when they logged out for the day, in their logout window it would say Updates ready to install, then shutdown...or something like that.    Today, I had a user that updates went thru entire process and forced a restart.....I don't want it to do that.
Where or how to I set that to be like before that they don't actually update the client until the user logs off.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37839785
The clients should be configured - via AD GPO - to pull their updates from the WSUS server.  Until you approve the updates, they can't be installed to the client.  Once you approve them, the client may (or may not, depending on how you have it configured) prompt the user to install the updates.  

The user will be prompted once all the updates have been downloaded to the client.  If the user chooses not to install the updates, the user will be prompted again when they shutdown/reboot.  I don't think there's any way to not have the user be notified prior to that, but I could be wrong.
0
 

Author Comment

by:bankwest
ID: 37842684
Ok, Really....I think this might be my last question.

Should I be setting up WSUS to use a proxy server when synchronizing?     To specify a port?  443?  8530?    

In Options > Update Source and Proxy Server > Update Source, I have it checked to Synchronize from Microsoft Update and on the Proxy Tab, I don't hav anything set.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 37842690
Do you use a proxy server on your network?  Since you don't know the answer, and you seem to be otherwise pulling down updates okay, I'm guessing you don't so I wouldn't worry about it.
0
 

Author Closing Comment

by:bankwest
ID: 37843528
I have to say this has been one the best experiences I have had when posting questions.   I am not an advanced network person, but learning ALOT as I go.    This assistance was awesome and easy to understand.

Thank you so much for the GREAT feedback.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37843538
Thank you.  I was very happy to have helped.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question