Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1030
  • Last Modified:

WSUS removal in SBS 2008 and now cant do windows update

Hi, I just took over a SBS2008 server and the previous admin had removed WSUS from it (not appearing on the add remove programs list) as it was taking up to much space on the server.

However since then none of the client pcs nor the server can check for updates.  Also if we try to check manually for updates it wont let us install. says error 80072EFD  Windows encountered a unknown error

Also when doing a manual update, the systems still say that the windows updates are managed by system administrator.

Any help ?
0
c45
Asked:
c45
1 Solution
 
teomcamCommented:
Hi,

Yes that is quite normal because after removal they must forget to default the Group Policies related to this.
Please open Group Policy Management console and navigate to Computer Configuration-Administartive Templates-Windows Components/Windows Updates-Policy and set the followigns to DEFAULT

1-Specify intranet Microsoft update service location
2-Set the intranet update service for detecting updates
3-Set the intranet statistics server
4-Check for updates at the following interval (hours):  20

Also there might be some special policies such as when updates will be checked, update installation automatic or manual etc.
0
 
c45Author Commented:
sorry for the delayed response.  When i open the GPM all i see is

Forest
and the domain

Sorry a bit lost here
gpm.png
0
 
yo_beeDirector of ITCommented:
I guess this was neglected by the helper.
 
From your image you will need to expand the Domain Node and locate the GPO that has the settings.  
It is a computer configuration GPO so you are looking for a GPO linked to the OU with the Computers and/or  Servers.

If you want to take a screenshot the Domain Node expanded maybe the naming convention the previous ADMIN can be isolated with this setting we are looking for.
 
GPO1GPO2GPO3
Change all settings to Not configured.

To try and test without making any changes I recommend creating a completely new OU with Blocked GP Inheritance.

Open ADUC (Active Directory Users & Computers MMC)
Right click on the Domain and select New
aduc1
Name it (example: Sterile)
Then move one of your workstations into this OU for testing
aduc2
aduc3
Then Open GPMC again and block inheritance.
Locate the OU just created > Right click on it and select Block Inheritance.

gpo4gpo5
Once you have done this run GPUPDATE /FORCE on the computer that you moved into the Sterile OU > Restart.

Next you want to confirm that there are no setting of the old Link GPO still set.

Open the Registry to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate

Make sure you do not see any values pointing to local server like https://SBS2008:8530 or Target Group.

You may need to run Windows System Readiness Tool as well at the end of this.
Make sure you run the proper flavor of the tool

http://www.microsoft.com/en-us/download/details.aspx?id=3132 (32Bit)
http://www.microsoft.com/en-us/download/details.aspx?id=20858(64Bit)
0
 
Cris HannaCommented:
While the question has an accepted answer I'm still going to chime in.  Why not simply repair WSUS and use it as designed on SBS?  http://technet.microsoft.com/en-us/library/dd443475(v=ws.10).aspx

Probably the easiest repair process in all of SBS.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now