Automatic Windows Update

Attached is a screenshot of my Automatic Updates settings.    I do not turn my PC off at night.  I went out to Windows Update Web site and see several security updates from November 2011 that have not downloaded nor are they installed.

What could we have wrong ?

I am on  Windows XP sp3
windows-update.jpg
bankwestCTO/CashierAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GeodashCommented:
Have you checked the GPO Settings to make sure the downloaded updates are being applied?

http://support.microsoft.com/kb/328010
0
Paul MacDonaldDirector, Information SystemsCommented:
Are they critical updates, or optional ones?  Have they been superceded?
0
vlsllpCommented:
Check with your IT person. ask them about your Group Policy Settings.
0
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

Adam BrownSr Solutions ArchitectCommented:
If you have WSUS on your network and are using that to push updates to clients, the updates have to be approved in WSUS before they will show up for the clients.
0
bankwestCTO/CashierAuthor Commented:
They are all high priority and critical updates....
0
GeodashCommented:
Also, if using WSUS, accept updates and verify GPO are pushing WSUS settings and updates to PC correctly. Per my linked article above
0
bankwestCTO/CashierAuthor Commented:
I am kinda lost here.     We did have WSUS running.....Changes to network and managment cancelled contract with outside consultant before they completed setting it up again.  

So I guess I need to figure out HOW to set it up.
0
bankwestCTO/CashierAuthor Commented:
BTW....I knew WSUS was not running BUT thought the consultant set GPO to do it that way
0
active8itCommented:
you need to remove the wsus gpo from your domain controller or point it to a functional wsus server. once this has been changed your pc will then either go direct to windows update or use the new wsus server
0
Paul MacDonaldDirector, Information SystemsCommented:
Yes.  It's likely your system is looking for the (now non-existent) WSUS server to pull updates from.  Fixing the GPO defining that should address the issue.
0
bankwestCTO/CashierAuthor Commented:
I have opted to "take the bull by the horns" and install WSUS.   I found good step by step instructions online but now have a question.

My server that I am going to run WSUS from and pull the updates, is Donald
My domain server is Bones where computer and user GPO is maintained.

On the instructions it says :
Step 5 contains the following procedures:
•      Add the WSUS Administrative Template.
•      Configure Automatic Updates.
•      Point your client computer to your WSUS server.
•      Manually initiate detection by the WSUS server.
Perform the first three procedures on a domain–based Group Policy object.
To add the WSUS Administrative Template
1.      In Group Policy Object Editor, click either of the Administrative Templates nodes.
2.      On the Action menu, click Add/Remove Templates and then click Add.
3.      In the Policy Templates dialog box, click wuau.adm, and then click Open.
4.      In the Add/Remove Templates dialog box, click Close.

I do this on Bones and it is not finding the wuau.adm file.

Am I approaching this correctly?
0
Paul MacDonaldDirector, Information SystemsCommented:
It should be in C:\Windows\INF.  Look on any other machine to see if they have it and just copy it over.
0
bankwestCTO/CashierAuthor Commented:
Ok....Got that....Now it says:

 To manually initiate detection by the WSUS server
1.      On the client computer, click Start, and then click Run.
2.      Type cmd in the Open box, and then click OK.
3.      At the command prompt, type wuauclt.exe /detectnow. This command-line option instructs Automatic Updates to contact the WSUS server immediately.

But on Donald - WSUS console....no computers are showing up.    and when I do the wuauclt.exe /detectnow.....should I see something happen in the cmd window?   I hit enter and it just drops down a line with a new prompt.    Doesn't say anything....
0
Paul MacDonaldDirector, Information SystemsCommented:
I expect they'll show up eventually.  Give it an hour or so?  You may need to reboot the clients as well (I don't recall).
0
bankwestCTO/CashierAuthor Commented:
Guess I am missing something in the setup....I waited overnight...All users do shutdowns or restarts.    Still nothing showing in the console.
0
Paul MacDonaldDirector, Information SystemsCommented:
Are you sure the policy is being applied at the client?  If you run RSOP on a client, can you verify the WSUS policy is applied?
0
bankwestCTO/CashierAuthor Commented:
WSUS Server - Donald
Domain Server - Bones
My PC - xx101

I tried to run rsop.msc on xx101 and it will not load.   Keep getting server messages that say:
The following error occurred in C:\Windows\Inf\AER_1028.adm on line 189: Error 64.   Help string specified more than once.....The file can not be loaded.      
Same error, only thing that seems to change is I had one that was AER_1044

So I tried rspo.msc on Bones....   I got that one to load and looked at the GPO.  

Administrative templates > Windows Components > Windows Update and I can see the policy that is applied.  

This is for getting the updates....  I think I am okay there.

What policy tells the client to check in with WSUS??

Think I might be getting myself confused.
0
Paul MacDonaldDirector, Information SystemsCommented:
Try running GPResult at the command prompt on xx101.

The group policy itself should be applied to the clients, telling them to acquire their updates from the WSUS server.
0
bankwestCTO/CashierAuthor Commented:
Please see attached screenshot.   The GPO policy that has the WSUS settings are in
bwok default domain policy
GPResult.jpg
0
bankwestCTO/CashierAuthor Commented:
AHHHHHHHHHHH!!!!    Think I found my problem.   In configuration.   Looked at it too many times I think.    I now have clients starting to show up.
0
Paul MacDonaldDirector, Information SystemsCommented:
Glad to hear it.
0
bankwestCTO/CashierAuthor Commented:
paulmacd,

Can I leave this open for a few more days in case I need some further assistance as I finish it up?

Thanks
0
Paul MacDonaldDirector, Information SystemsCommented:
It's your post my friend.  You can do whatever you like!
0
bankwestCTO/CashierAuthor Commented:
I have one client...Windows XP (have several just like it) and it is not showing up in the admin console.   I have done gpupdate /force.    I have tried wuauclt.exe /detectnow and still nothing.    I have looked at the windows update log.   See attached.
I have done the gpresult and it shows the GPO applied.

BUT,  (second screenshot) the client is showing updates now on the lower right of the screen that updates are ready.

Any idea why I can't get it to show up in the WSUS admin console?
Windows-Update2.jpg
WindowsUpdate.log
0
Paul MacDonaldDirector, Information SystemsCommented:
This error "Send failed with hr = 80072ee2" is a timeout.  Is it possible this machine has a firewall or some other piece of software that would stop it from actually contacting the WSUS server?  

Can you ping the WSUS server from this machine?  

What happens when you click on this link: http://donald:8530/SimpleAuthWebService/SimpleAuth.asmx
0
bankwestCTO/CashierAuthor Commented:
I changed the WSUS server to : http://donald 

And on the WSUS admi console I dont have a proxy server set up......Should I????   and assign a port????

In the log,  On April 6, it shows that change.     If I click on the url you listed above, and remove the:8530
then I get a window that says:    SimpleAuth with a hyperlink for GetAuthorizationCookie and one for Ping.
0
bankwestCTO/CashierAuthor Commented:
Oh, and yes I can ping the WSUS server from the client
0
bankwestCTO/CashierAuthor Commented:
Discovered the problem.   Duplicate SUSclientID.   I deleted that on the client, restarted the client, ran wuauclt /resetauthorization /detectnow and it was almost immediate that the client is now showing in the WSUS console.
0
bankwestCTO/CashierAuthor Commented:
Think I am about ready to put this to bed......LOL
Final question, I think,...When we had WSUS before, we had 2 clients in test group that got updates downloaded and installed automatically.   I have that set that way again.    The rest of the clients were in a group, lets call it Users.    Then every week I would review the updates that were downloaded to WSUS and typically approve them to install.  

Here lies the question.    It use to download to the client???  or be ready to update and when they logged out for the day, in their logout window it would say Updates ready to install, then shutdown...or something like that.    Today, I had a user that updates went thru entire process and forced a restart.....I don't want it to do that.
Where or how to I set that to be like before that they don't actually update the client until the user logs off.
0
Paul MacDonaldDirector, Information SystemsCommented:
The clients should be configured - via AD GPO - to pull their updates from the WSUS server.  Until you approve the updates, they can't be installed to the client.  Once you approve them, the client may (or may not, depending on how you have it configured) prompt the user to install the updates.  

The user will be prompted once all the updates have been downloaded to the client.  If the user chooses not to install the updates, the user will be prompted again when they shutdown/reboot.  I don't think there's any way to not have the user be notified prior to that, but I could be wrong.
0
bankwestCTO/CashierAuthor Commented:
Ok, Really....I think this might be my last question.

Should I be setting up WSUS to use a proxy server when synchronizing?     To specify a port?  443?  8530?    

In Options > Update Source and Proxy Server > Update Source, I have it checked to Synchronize from Microsoft Update and on the Proxy Tab, I don't hav anything set.
0
Paul MacDonaldDirector, Information SystemsCommented:
Do you use a proxy server on your network?  Since you don't know the answer, and you seem to be otherwise pulling down updates okay, I'm guessing you don't so I wouldn't worry about it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bankwestCTO/CashierAuthor Commented:
I have to say this has been one the best experiences I have had when posting questions.   I am not an advanced network person, but learning ALOT as I go.    This assistance was awesome and easy to understand.

Thank you so much for the GREAT feedback.
0
Paul MacDonaldDirector, Information SystemsCommented:
Thank you.  I was very happy to have helped.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.