SBS 2011 Standard server stopped receiving update notifications

Posted on 2013-11-05
Last Modified: 2015-07-24
I’ve got an SBS 2011 Standard server that’s been in service for a bit over two years.

During most of that time, the server has frequently received automatic notification of various security fixes and other updates via Windows Update. (The server is configured to automatically download updates but not install them until instructed to.)

Lately however, it occurred to me that the only updates the server has receiving notifications about are the monthly updates to the Exchange Anti-Spam filters.

So I checked the server’s update history, and sure enough, 5/26/2013 is the last time the server got an update other than the Anti-Spam one.

I then clicked within WU to manually check for updates, and now it reports 5+ months worth of updates-- 9 important and 51 optional updates available for the server.

I’m unaware of any reason why the server would suddenly stop receiving update notifications, and I'm not really sure how to go about troubleshooting it.

Does anyone have any suggestions on how to make this server receive automatic update notifications and downloads again?
Question by:Joe2009
  • 4
  • 3
LVL 47

Expert Comment

by:Donald Stewart
ID: 39625635
Is the server configured to get updates from WSUS ?

If so, are the updates approved ?

Author Comment

ID: 39627620
>>>Is the server configured to get updates from WSUS ?

>>>If so, are the updates approved ?

Good questions.

As you are probably aware, WSUS is built-in with SBS 2011 Standard. (I should state that I am largely ignorant as to how WSUS works under the hood.) I haven't had much interaction with WSUS-- it's pretty much run on autopilot keeping the clients updated, and I've never needed to do anything with it other than periodically purge old computers that were removed from the network. I've certainly never had to approve any updates in order for them to get to the clients . My assumption was that as part of the default SBS configuration WSUS was set to automatically approve and distribute critical updates on the clients.

In any event, when I check WSUS, the server is not on the Update Services Client Computers list, only on the Update Services Server list, which I take to mean that the server isn't using WSUS to manage it's own updates?

For what it's worth, if I view All Updates in WSUS, there are nearly 10,000 listed dating back to when the server was put into service in mid-2011. All of the updates are shown as Not Approved.
LVL 47

Expert Comment

by:Donald Stewart
ID: 39627731
You can narrow down your views in WSUS to "Needed"

On the server in question you can quickly verify whether or not it's using WSUS with a Reg query in cmd prompt

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

This should give you a better idea how it should be configured
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

LVL 47

Expert Comment

by:Donald Stewart
ID: 39627741

Author Comment

ID: 39627810
Thanks very much. I'll look this stuff over and see what I can make of it. (It will probably take me a couple of days to get through it before I can post an update.)

Author Comment

ID: 39639107
I went over the links you provided, but unfortunately, they don't seem to provide anything actionable.

That reg query on the server returns a result, indicating that it's being managed by WSUS (makes sense, since I see the server in the WSUS Console).

However, when I click the "Change software update settings" in SBS Console, I don't get the warning cited in that first article, which also makes sense because I never changed any of the WSUS default settings.

And if there's one thing that made an impression on me in those linked articles, it's this:

Important: If you go into the native WSUS 3.0 SP1 console and change these default settings, SBS Update Services will detect this and shut down. In order to guarantee the accuracy and reliability of its reporting function, it requires WSUS to be configured with these settings...

...which would seem to indicate fairly clearly that tinkering with those settings (which again, do not appear to have ever been changed in the first place) is not something I should do on SBS.

Also, I've noticed that just like that other EE thread you pointed me toward, if I click "Check inline for updates from Microsoft Update" I'm told that there are the 9+51 updates available, most of which are from years ago (including many that were issued before the server went online in 8/2011).

But then if I subsequently click "Check for updates managed by your system administrator", it says no updates are needed.

Not really sure what to make of all this. Any further suggestions would be appreciated.


Author Comment

ID: 39639445
Follow up question:

Is the "View update history" link in Windows Update a comprehensive list of all the updates the server got, even if they were automatically approved/downloaded/installed via WSUS?

Because according to that list, the last update the server got (other than Exchange Anti-spam filters) was KB2840149 on 5/26/2013, and there must have been many security patches issued for SBS 2011 since the end of May.

Yet, if I look up the server properties under Security|Updates, it reports zero missing updates.

LVL 35

Accepted Solution

Cris Hanna earned 500 total points
ID: 39700137
The first rule with SBS is use the wizards/sbs console.   If you open the SBS Console > Security > Updates....this is where you should be managing updates and approving.

There are certain updates for the workstations that are automatically approved and deployed to workstations and the workstations are updated overnight, assuming the PC is on

The Server is set by default to  approve and download important updates but not install them automatically.   Optional updates must be approved in the SBS Console

The ONLY time you should into the WSUS Console is to remove workstations that are no longer on the network.

You can get the complete guide to repairing WSUS on SBS 2011 to it's default state using this guide

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question