mikey250
asked on
wsus showing all machines 100% query
hi i am running a win 2003 domain via isa 2006 domain member server
i am also running a wsus domain member server and all machines show as 100% updated
i have not logged onto my master dc/ad/dns/dhcp server and accessed 'windows update' direct and found that there are still quite a few updates to download...!!!
question 1. why has this happened ?
question 2. should i download these updates directly from the 'windows update' site and ignore the fact that they have not been detected by my wsus yet ?
i am also running a wsus domain member server and all machines show as 100% updated
i have not logged onto my master dc/ad/dns/dhcp server and accessed 'windows update' direct and found that there are still quite a few updates to download...!!!
question 1. why has this happened ?
question 2. should i download these updates directly from the 'windows update' site and ignore the fact that they have not been detected by my wsus yet ?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
- When Windows Updates are not downloaded properly onto your WSUS Database, your Client system will consider the date what WSUS Server is giving them. So what ever Patches are available on WSUS Servers, according to that only your Client system will calculate their Compliance level.
- You need to download the latest Updates from the Windows Update Website, Approve them for your Client Groups if you have created any.
- Execute below command on your Client to forcefully ask them to pull fresh updates.
Try below commands from your Clients and see if they see newer updates.
wuauclt /detectnow
wuauclt /reportnow
Also you can try deleting SusClientID from Registry and re-register your Client in WSUS.
Stop Windows Update / Automatic Updates Service on the Client
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows\ CurrentVer sion\Windo wsUpdate
From above delete the Key SusClientID
wuauclt /resetauthorization
wuauclt /detectnow
wuauclt /reportnow
Now your server should re appear in Unassigned Computer, you can move them under proper Group in WSUS. Later you can again run
wuauclt /detectnow
wuauclt /reportnow
And see if it makes any difference.
- You need to download the latest Updates from the Windows Update Website, Approve them for your Client Groups if you have created any.
- Execute below command on your Client to forcefully ask them to pull fresh updates.
Try below commands from your Clients and see if they see newer updates.
wuauclt /detectnow
wuauclt /reportnow
Also you can try deleting SusClientID from Registry and re-register your Client in WSUS.
Stop Windows Update / Automatic Updates Service on the Client
HKEY_LOCAL_MACHINE\SOFTWAR
From above delete the Key SusClientID
wuauclt /resetauthorization
wuauclt /detectnow
wuauclt /reportnow
Now your server should re appear in Unassigned Computer, you can move them under proper Group in WSUS. Later you can again run
wuauclt /detectnow
wuauclt /reportnow
And see if it makes any difference.
ASKER
hi reach2sandeep, yes ive carried out all that advice previously, hence all machines showing previously 100%.
all appears ok so far and my machines have detected more updates, which i am now installing.
note: i just was not expecting more updates, once my machines already showed 100% - it appears i should leave wsus on to ensure no more updates to be installed.
i appreciate your comments anyway!!:)
all appears ok so far and my machines have detected more updates, which i am now installing.
note: i just was not expecting more updates, once my machines already showed 100% - it appears i should leave wsus on to ensure no more updates to be installed.
i appreciate your comments anyway!!:)
So, there it is "yes my wsus just downloaded some updates which have (not been approved),"
I have answered your question.
@reach2sandeep
What in the world does the SUSclientid have to do with the clients reporting status??? ---NOTHING
I have answered your question.
@reach2sandeep
What in the world does the SUSclientid have to do with the clients reporting status??? ---NOTHING
ASKER
hi dstewartjr, this is a tricky one, on who to allocate points to, but as my wsus appears to be ok anyway and just queried those updates that i wanted to know about and as my machines eventually seemed to sync automatically and receive the updates without (only in this case).
i think it probably fair to allocate points half each, as reach2sandeep, did also put some good repeat advice anyway, just incase my issue was not that simple, but it was ok as i left my machines to sync themselves. (the reason i suppose for my issue was probably because i switched my wsus for a couple of days!
i appreciate the response anyway!!
i think it probably fair to allocate points half each, as reach2sandeep, did also put some good repeat advice anyway, just incase my issue was not that simple, but it was ok as i left my machines to sync themselves. (the reason i suppose for my issue was probably because i switched my wsus for a couple of days!
i appreciate the response anyway!!
ASKER
yes my wsus just downloaded some updates which have (not been approved), even though all my machines are pre-approved for all products/classifications that i selected except for (drivers) - even though most are for itanium and 64bit, but im only running 32 bit - why have they not approved ?
note: these updates dont appear to match what the wsus has downloaded
my master dc has however just detected some updates which are currently downloading to my machine as it shows on the bottom right side of screen the (yellow shield).. so i will install once complete anyway!!!
uuuuummmm
ive just rebooted my wsus again and now my machines have changed from: 100% to 97/98/99% - ok so it obviously has not completed its updates
note: i am trying to get my cisco 2950 to sync with my master dc via ntp server which i have configured on my master dc, so im hoping that some update may also be ready to download!!!!! i hope so as all appears ok so far!!! any suggestions ?