Conrad_Bel
asked on
Off Line WSUS-Files For Updates Not Downloaded but actually have been succesfuly imported
I have an issue I need help with. This is a disconnected network. I first copied over the update files. I then imported the metadata. The size of the update files on the connected server is 10.97GB and the size of the update files on the disconnected WSUS is 10.97GB. The size of the metadata folder is also the same. The NT Service has full control of the WSUS and the WSUS Content folders and files.
- When I first imported everything the dashboard stated 0 files needed downloaded.
- I did a test push of updates to a test server. I pushed about 55 out of 100 patches. No errors. I did same for a test workstation and pushed about 48 out of 100 patches with no errors. Not really sure whey it didn't push all the 100 patches though. Could it be they weren't needed?
- I then did a second round of patch pushes and then started getting the notification in the Patch window stating Files not downloaded. It was approved and needed. See attached:
Also on Friday 28 June the dashboard stated 213 needing updates and downloaded 10.90MB out of 1112MB. On Monday 1 July the dashboard states 206 updates need downloaded and its downloaded 21MB of 1112MB. I'm attaching windows update logs for test server, test workstation and the WSUS sever itself. Also attaching error event from WSUS event viewer (event 10032 and error 364). Saw no errors in the test server and workstation event logs relating to updates. Just to make sure my WSUS continues to work I pushed 1 patch this morning to the WSUS itself. The patch I pushed stated the WSUS need it and it was approved last week ande succesffuly deployed to the TestServer.
Please any ideas would be most appreciated. If you need any other info please just ask me.
TestServerLog.txt
TestWIN7log.txt
WSUSUpdateLOG.txt
WSUSEventError.txt
WSUSeventerror10032.PNG
- When I first imported everything the dashboard stated 0 files needed downloaded.
- I did a test push of updates to a test server. I pushed about 55 out of 100 patches. No errors. I did same for a test workstation and pushed about 48 out of 100 patches with no errors. Not really sure whey it didn't push all the 100 patches though. Could it be they weren't needed?
- I then did a second round of patch pushes and then started getting the notification in the Patch window stating Files not downloaded. It was approved and needed. See attached:
Also on Friday 28 June the dashboard stated 213 needing updates and downloaded 10.90MB out of 1112MB. On Monday 1 July the dashboard states 206 updates need downloaded and its downloaded 21MB of 1112MB. I'm attaching windows update logs for test server, test workstation and the WSUS sever itself. Also attaching error event from WSUS event viewer (event 10032 and error 364). Saw no errors in the test server and workstation event logs relating to updates. Just to make sure my WSUS continues to work I pushed 1 patch this morning to the WSUS itself. The patch I pushed stated the WSUS need it and it was approved last week ande succesffuly deployed to the TestServer.
Please any ideas would be most appreciated. If you need any other info please just ask me.
TestServerLog.txt
TestWIN7log.txt
WSUSUpdateLOG.txt
WSUSEventError.txt
WSUSeventerror10032.PNG
ASKER
Yes they were approved on the internet facing server. No clients are connected to the internet facing server.
Do you know exactly what permissions should be on the D: D:\WSUS D:\WSUS Content folders and the D:WSUS\updateservicedbfile
Also the exact permissions needed on the IIS default website?
Do you think my problem may be that I did a simple copy and past of the update files to the D:\wsus\wsus content folder? I did do the export and import of the metadata as required.
Do you know exactly what permissions should be on the D: D:\WSUS D:\WSUS Content folders and the D:WSUS\updateservicedbfile
Also the exact permissions needed on the IIS default website?
Do you think my problem may be that I did a simple copy and past of the update files to the D:\wsus\wsus content folder? I did do the export and import of the metadata as required.
Did you check the status of "Security Update for Windows 7 for x64-based System (KB2579686)" (for example) on the internet facing server to be sure it has been downloaded ?
ASKER
No, unfortunately I do not control the internet facing WSUS. Is this KB something we should check for? Or is this an example? According to my partner, he approved all updates and waited for them to finish updating. What is the best way to ensure they did in fact finish updating?
As I stated in my post, he downloaed 10.97GB of updates and thats exactly what I have now on my offline wsus.
As I stated in my post, he downloaed 10.97GB of updates and thats exactly what I have now on my offline wsus.
ASKER
I will see if he can build a test server on his side and then apply all patches to it to see if he runs into the same issue.
I've just picked the oulined KB in your screenshot... 10 Gb does not seem a huge amount of data.
If you do not have access to the source server, you will have some difficulty to debug.
Good luck.
If you do not have access to the source server, you will have some difficulty to debug.
Good luck.
ASKER
He only got updates for server 2008 and windows 7 and office products.
Yes, I agree without access to the source server this is going to be difficult.
Yes, I agree without access to the source server this is going to be difficult.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Mike,
thanks for all your assistance. It actually seems like the updates may have not all been downloaded from the source server to begin with. My fellow engineer originally handed me a disk with 10.7 GB of data for about 3000 updates. After redoing the synce and doing a control A to highlight all the updates and then doing the approve for install the size of the data has grown to about 20GB. I think this makes a lot of sense. Anyway, i will be trying to complete the Import of the metadata and the robocopy of the update files today. Will keep you informed.
thanks for all your assistance. It actually seems like the updates may have not all been downloaded from the source server to begin with. My fellow engineer originally handed me a disk with 10.7 GB of data for about 3000 updates. After redoing the synce and doing a control A to highlight all the updates and then doing the approve for install the size of the data has grown to about 20GB. I think this makes a lot of sense. Anyway, i will be trying to complete the Import of the metadata and the robocopy of the update files today. Will keep you informed.
ASKER
I have done a robocopy /mir of my wsus content. I imported my metadata. After I brought in my wsus content files and did the import of metadata I then started my WSUS service.
I copied the metadata cab file to the C:\program files\update services\tools folder then ran the import as:
c:\program files\update services\tools> wsusutil import wsus.cab wsus.log
Do I need to specify where to import it to? ie.
wsusutil import wsus.cab wsus.log D:\updateservicedbfiles
How do I get the WSUS Admin console to reset? It is still showing files approved but not downloaded with red x from my initial problem. If I run the wsusutil /reset will this help restore some sanity to my WSUS Admin console?
Shouldn't all the updates be showing unapproved on my offline wsus?
Also, I brought in about 20GB of update files and my metadata file is about 10 MB. Does that sound correct? Also, the wsusutil import wsus.cab wsus.log job only took about 15 minutes? Does that sound correct?
I keep reading it should take about 3 hours for this to import?
I copied the metadata cab file to the C:\program files\update services\tools folder then ran the import as:
c:\program files\update services\tools> wsusutil import wsus.cab wsus.log
Do I need to specify where to import it to? ie.
wsusutil import wsus.cab wsus.log D:\updateservicedbfiles
How do I get the WSUS Admin console to reset? It is still showing files approved but not downloaded with red x from my initial problem. If I run the wsusutil /reset will this help restore some sanity to my WSUS Admin console?
Shouldn't all the updates be showing unapproved on my offline wsus?
Also, I brought in about 20GB of update files and my metadata file is about 10 MB. Does that sound correct? Also, the wsusutil import wsus.cab wsus.log job only took about 15 minutes? Does that sound correct?
I keep reading it should take about 3 hours for this to import?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
mike, i am up and running. the issue the whole time was the source wsus never got all the updates to begin with.
my next question is when i do my next import, does wsus remember all the patches i have already pushed?
How do you manage that?
What do you do with the superceded updates? I have read some people just deny them others approve and install them? What about you?
my next question is when i do my next import, does wsus remember all the patches i have already pushed?
How do you manage that?
What do you do with the superceded updates? I have read some people just deny them others approve and install them? What about you?
Hi. Glad it's all working now.
The machines know what patches they have so WSUS only pushes what's missing, effectively remembering.
With superseded updates I use SCCM so it's slightly different. I would not approve them and ideally run a script to delete them on some schedule.
Mike
The machines know what patches they have so WSUS only pushes what's missing, effectively remembering.
With superseded updates I use SCCM so it's slightly different. I would not approve them and ideally run a script to delete them on some schedule.
Mike
ASKER
Thanks Mike, you've been a blessing. I am going to decline the superceded. I will only be running 2008 R2 and win 7 X64 so i will never bring any older systems online. This is a dev net.
were the update approved on the source server ?
Did clients already successfully install missing patch from source server ?
Regards