Solved

WSUS connectivity

Posted on 2013-01-31
4
272 Views
Last Modified: 2016-02-20
I have a non domain window 2003 sp2, and there is a domain connected WSUS (2k3 as well). Is it possible to push updates to the non domain windows server ? if so how can I do this ?
0
Comment
Question by:shadow2007
4 Comments
 

Assisted Solution

by:chichaoff
chichaoff earned 166 total points
ID: 38840814
On you workgroup computers, run regedit to open registry editor, navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate

You also need to create/configure the UseWUServer registry value in the subkey
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU with dword:0x1

in order to cause the WUAgent to read the other two values (WUServer and WUStatusServer). If UseWUServer is absent, or false, the WUAgent will continue to update from Automatic Update (if configured to update at all).

Configure WUServer and WUStatusserver as the URL of your WSUS server with the port number.

After configuring, run "wuauclt /detectnow" to force the communication.
Reply  Quote
0
 
LVL 4

Accepted Solution

by:
AnthonyHamon earned 167 total points
ID: 38840899
This is possible.  As your Windows Server 2003 machine is not on the domain, you need to configure AU using Local Group Policy, as follows:

Run gpedit.msc
Open the User Configuration branch of the tree
Right-click Administrative Templates and select Add/Remove Templates
Select wuau and click Add.  Click wuau.adm in the Policy Templates dialog box and click Open
To view all the AU configuration policy options in the Group Policy Object Editor, go to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
Select 'Specify intranet Microsoft update service location' and specify the address of your WSUS server
Amend any of the other AU policy settings, as required
Restart your server
Run wuauclt /detectnow
Check the C:\Windows\WindowsUpdate.log file to ensure that the server was able to connect to your domain based WSUS server
0
 
LVL 12

Assisted Solution

by:Sandeep
Sandeep earned 167 total points
ID: 38840962
You have to set Local GPO for that machine.

You can access it through gpedit.msc as advised above.

Go to Computer Configuration->Administrative Templates->Windows Components->Windows Update

Over here you will find several values in which there are few important which requires to be set. There are others too but below are important, if Configure Automatic Updates is set to disabled, even after providing WSUS IP, server will not look to detect Windows Update.

Configure Automatic Updates - Enable this, and select default option 3 Auto Download and notify for install.
Specify intranet Microsoft update service location - Provide WSUS Server IP as http://ServerIP

Once this one is done, reboot your PC.
Run command wuauclt /detectnow - This will detect new patches from WSUS Server.
wuauclt /reportnow  - This will report the status to the WSUS Server about patches.

Hope this Helps.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 38844773
...and if you don't want to reboot your server (which I can imagine), simply restart your update service to enable the new settings. wuauclt /detectnow alone will not do this, by the way.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question