Schuyler Dorsey asked:

WSUS seemingly not correctly reporting update status

I have noticed for a while a couple of different issues with WSUS.

1. Servers always seem to report 99% of updates installed. Yet if you go to those servers and check for updates, it shows none available.

2. If you check for updates online (instead of WSUS), it almost always reports several updates, but when you check for updates via WSUS, it shows not available... almost like WSUS is a month behind what is on Windows Update. I checked the syncs and it successfully syncs each night and I have every Windows Server 2008 R2 update category checked.

Any advice? It seems to be rather common from conversations I have had with other engineers.
Nagendra Pratap Singh

You need to select for unapproved updates in each category. Then you need to either approve or decline each of those.

If an update is not in either group, then it is likely to be shown as missing etc.

You may start by searching for the missing patch in the top part of the console. Until you approve it, the client devices will not know about it, but the WSUS report will nag you because this update is neither declined nor installed.
Schuyler Dorsey (ASKER)

If I go to the All Updates category and filter by Approval:Unapproved and Status:Failed or Needed, none show up currently.

If I change it to Approval: Unapproved and Status:ANY, all updates here show as installed on 100% of the machines.

Are you saying that I should approve the updates that are already installed on 100% of my machines?

Do you have auto-approve rules, or decline?
Select the system and look at the updates it lists as needed. This way you can see which update is pending approval/decline.

WSUS lists all updates within the same scope, while Windows Update has the optional/software/CAPICOM/Silverlight etc., which could be what you are seeing.
I.e., WSUS obtained the metadata for all categories. A system checks for available updates, which include optional drivers and feature packs, as available but not approved.

For one client, I did note something just now.

If I go to the servers that list 99% (which is all of them), and go to the Updates Needed report, some of them do say Not Approved. I checked these updates and they match on my auto approval rule for workstations but not auto approval for servers. Because they are approved for workstations, I am guessing that is why they do not show up for approval needed when I check that screen.

However on a few others, I have noted that WSUS reported a patch being installed on the box but manually checking the box revealed that it was not in fact installed.
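
The WSUS-versus-online difference discussed in this thread can be measured on a single server with the Windows Update Agent COM API. This is an added example, not part of any post above; the function name `Get-PendingUpdate` is hypothetical, and it assumes an elevated PowerShell session on a server that can reach both WSUS and Windows Update.

```powershell
# Added example: list updates Windows Update offers this machine that WSUS does not.
function Get-PendingUpdate {
    param(
        # WUA ServerSelection: 1 = ssManagedServer (WSUS), 2 = ssWindowsUpdate (online)
        [ValidateRange(1, 2)][int]$ServerSelection
    )
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $searcher.ServerSelection = $ServerSelection
    # Applicable, not installed, not hidden: what "check for updates" would list.
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($u in $result.Updates) {
        $type = 'Software'
        if ($u.Type -eq 2) { $type = 'Driver' }   # UpdateType: 1 = software, 2 = driver
        New-Object PSObject -Property @{
            UpdateId = $u.Identity.UpdateID
            KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Type     = $type
            Title    = $u.Title
        }
    }
}

$fromWsus   = @(Get-PendingUpdate -ServerSelection 1)
$fromOnline = @(Get-PendingUpdate -ServerSelection 2)

# Index the WSUS result by update GUID; the same update carries the same
# UpdateID whether its metadata comes from WSUS or from Windows Update.
$wsusIds = @{}
foreach ($u in $fromWsus) { $wsusIds[$u.UpdateId] = $true }

$onlineOnly = @($fromOnline | Where-Object { -not $wsusIds.ContainsKey($_.UpdateId) })

'Offered by WSUS: {0}; offered online: {1}; online only: {2}' -f `
    $fromWsus.Count, $fromOnline.Count, $onlineOnly.Count
$onlineOnly | Sort-Object Type, KB | Format-Table KB, Type, Title -AutoSize
```

Each row in the online-only list is an update this machine needs that WSUS is not offering to it; look the KB up in the WSUS console to see whether it is unapproved for this computer's group, declined, or outside the synced products and classifications.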
ASKER CERTIFIED SOLUTION
arnold