Solved

Automatic Windows Update

Posted on 2012-04-04
34
248 Views
Last Modified: 2012-04-13
Attached is a screenshot of my Automatic Updates settings.    I do not turn my PC off at night.  I went out to Windows Update Web site and see several security updates from November 2011 that have not downloaded nor are they installed.

What could we have wrong ?

I am on  Windows XP sp3
windows-update.jpg
0
Comment
Question by:bankwest
  • 17
  • 12
  • 2
  • +3
34 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37807321
Have you checked the GPO Settings to make sure the downloaded updates are being applied?

http://support.microsoft.com/kb/328010
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37807323
Are they critical updates, or optional ones?  Have they been superceded?
0
 

Expert Comment

by:vlsllp
ID: 37807361
Check with your IT person. ask them about your Group Policy Settings.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37807364
If you have WSUS on your network and are using that to push updates to clients, the updates have to be approved in WSUS before they will show up for the clients.
0
 

Author Comment

by:bankwest
ID: 37807365
They are all high priority and critical updates....
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37807369
Also, if using WSUS, accept updates and verify GPO are pushing WSUS settings and updates to PC correctly. Per my linked article above
0
 

Author Comment

by:bankwest
ID: 37807385
I am kinda lost here.     We did have WSUS running.....Changes to network and managment cancelled contract with outside consultant before they completed setting it up again.  

So I guess I need to figure out HOW to set it up.
0
 

Author Comment

by:bankwest
ID: 37807387
BTW....I knew WSUS was not running BUT thought the consultant set GPO to do it that way
0
 
LVL 2

Expert Comment

by:active8it
ID: 37807446
you need to remove the wsus gpo from your domain controller or point it to a functional wsus server. once this has been changed your pc will then either go direct to windows update or use the new wsus server
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37807578
Yes.  It's likely your system is looking for the (now non-existent) WSUS server to pull updates from.  Fixing the GPO defining that should address the issue.
0
 

Author Comment

by:bankwest
ID: 37812923
I have opted to "take the bull by the horns" and install WSUS.   I found good step by step instructions online but now have a question.

My server that I am going to run WSUS from and pull the updates, is Donald
My domain server is Bones where computer and user GPO is maintained.

On the instructions it says :
Step 5 contains the following procedures:
•      Add the WSUS Administrative Template.
•      Configure Automatic Updates.
•      Point your client computer to your WSUS server.
•      Manually initiate detection by the WSUS server.
Perform the first three procedures on a domain–based Group Policy object.
To add the WSUS Administrative Template
1.      In Group Policy Object Editor, click either of the Administrative Templates nodes.
2.      On the Action menu, click Add/Remove Templates and then click Add.
3.      In the Policy Templates dialog box, click wuau.adm, and then click Open.
4.      In the Add/Remove Templates dialog box, click Close.

I do this on Bones and it is not finding the wuau.adm file.

Am I approaching this correctly?
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37813198
It should be in C:\Windows\INF.  Look on any other machine to see if they have it and just copy it over.
0
 

Author Comment

by:bankwest
ID: 37813783
Ok....Got that....Now it says:

 To manually initiate detection by the WSUS server
1.      On the client computer, click Start, and then click Run.
2.      Type cmd in the Open box, and then click OK.
3.      At the command prompt, type wuauclt.exe /detectnow. This command-line option instructs Automatic Updates to contact the WSUS server immediately.

But on Donald - WSUS console....no computers are showing up.    and when I do the wuauclt.exe /detectnow.....should I see something happen in the cmd window?   I hit enter and it just drops down a line with a new prompt.    Doesn't say anything....
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37813950
I expect they'll show up eventually.  Give it an hour or so?  You may need to reboot the clients as well (I don't recall).
0
 

Author Comment

by:bankwest
ID: 37816550
Guess I am missing something in the setup....I waited overnight...All users do shutdowns or restarts.    Still nothing showing in the console.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37816589
Are you sure the policy is being applied at the client?  If you run RSOP on a client, can you verify the WSUS policy is applied?
0
 

Author Comment

by:bankwest
ID: 37816692
WSUS Server - Donald
Domain Server - Bones
My PC - xx101

I tried to run rsop.msc on xx101 and it will not load.   Keep getting server messages that say:
The following error occurred in C:\Windows\Inf\AER_1028.adm on line 189: Error 64.   Help string specified more than once.....The file can not be loaded.      
Same error, only thing that seems to change is I had one that was AER_1044

So I tried rspo.msc on Bones....   I got that one to load and looked at the GPO.  

Administrative templates > Windows Components > Windows Update and I can see the policy that is applied.  

This is for getting the updates....  I think I am okay there.

What policy tells the client to check in with WSUS??

Think I might be getting myself confused.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37816699
Try running GPResult at the command prompt on xx101.

The group policy itself should be applied to the clients, telling them to acquire their updates from the WSUS server.
0
 

Author Comment

by:bankwest
ID: 37816762
Please see attached screenshot.   The GPO policy that has the WSUS settings are in
bwok default domain policy
GPResult.jpg
0
 

Author Comment

by:bankwest
ID: 37817664
AHHHHHHHHHHH!!!!    Think I found my problem.   In configuration.   Looked at it too many times I think.    I now have clients starting to show up.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37823239
Glad to hear it.
0
 

Author Comment

by:bankwest
ID: 37823274
paulmacd,

Can I leave this open for a few more days in case I need some further assistance as I finish it up?

Thanks
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37823283
It's your post my friend.  You can do whatever you like!
0
 

Author Comment

by:bankwest
ID: 37825299
I have one client...Windows XP (have several just like it) and it is not showing up in the admin console.   I have done gpupdate /force.    I have tried wuauclt.exe /detectnow and still nothing.    I have looked at the windows update log.   See attached.
I have done the gpresult and it shows the GPO applied.

BUT,  (second screenshot) the client is showing updates now on the lower right of the screen that updates are ready.

Any idea why I can't get it to show up in the WSUS admin console?
Windows-Update2.jpg
WindowsUpdate.log
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37825355
This error "Send failed with hr = 80072ee2" is a timeout.  Is it possible this machine has a firewall or some other piece of software that would stop it from actually contacting the WSUS server?  

Can you ping the WSUS server from this machine?  

What happens when you click on this link: http://donald:8530/SimpleAuthWebService/SimpleAuth.asmx
0
 

Author Comment

by:bankwest
ID: 37825424
I changed the WSUS server to : http://donald 

And on the WSUS admi console I dont have a proxy server set up......Should I????   and assign a port????

In the log,  On April 6, it shows that change.     If I click on the url you listed above, and remove the:8530
then I get a window that says:    SimpleAuth with a hyperlink for GetAuthorizationCookie and one for Ping.
0
 

Author Comment

by:bankwest
ID: 37825426
Oh, and yes I can ping the WSUS server from the client
0
 

Author Comment

by:bankwest
ID: 37827723
Discovered the problem.   Duplicate SUSclientID.   I deleted that on the client, restarted the client, ran wuauclt /resetauthorization /detectnow and it was almost immediate that the client is now showing in the WSUS console.
0
 

Author Comment

by:bankwest
ID: 37839707
Think I am about ready to put this to bed......LOL
Final question, I think,...When we had WSUS before, we had 2 clients in test group that got updates downloaded and installed automatically.   I have that set that way again.    The rest of the clients were in a group, lets call it Users.    Then every week I would review the updates that were downloaded to WSUS and typically approve them to install.  

Here lies the question.    It use to download to the client???  or be ready to update and when they logged out for the day, in their logout window it would say Updates ready to install, then shutdown...or something like that.    Today, I had a user that updates went thru entire process and forced a restart.....I don't want it to do that.
Where or how to I set that to be like before that they don't actually update the client until the user logs off.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37839785
The clients should be configured - via AD GPO - to pull their updates from the WSUS server.  Until you approve the updates, they can't be installed to the client.  Once you approve them, the client may (or may not, depending on how you have it configured) prompt the user to install the updates.  

The user will be prompted once all the updates have been downloaded to the client.  If the user chooses not to install the updates, the user will be prompted again when they shutdown/reboot.  I don't think there's any way to not have the user be notified prior to that, but I could be wrong.
0
 

Author Comment

by:bankwest
ID: 37842684
Ok, Really....I think this might be my last question.

Should I be setting up WSUS to use a proxy server when synchronizing?     To specify a port?  443?  8530?    

In Options > Update Source and Proxy Server > Update Source, I have it checked to Synchronize from Microsoft Update and on the Proxy Tab, I don't hav anything set.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 37842690
Do you use a proxy server on your network?  Since you don't know the answer, and you seem to be otherwise pulling down updates okay, I'm guessing you don't so I wouldn't worry about it.
0
 

Author Closing Comment

by:bankwest
ID: 37843528
I have to say this has been one the best experiences I have had when posting questions.   I am not an advanced network person, but learning ALOT as I go.    This assistance was awesome and easy to understand.

Thank you so much for the GREAT feedback.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37843538
Thank you.  I was very happy to have helped.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now