SBS 2011 Standard server stopped receiving update notifications

Posted on 2013-11-05
Last Modified: 2015-07-24
I’ve got an SBS 2011 Standard server that’s been in service for a bit over two years.

During most of that time, the server has frequently received automatic notification of various security fixes and other updates via Windows Update. (The server is configured to automatically download updates but not install them until instructed to.)

Lately however, it occurred to me that the only updates the server has receiving notifications about are the monthly updates to the Exchange Anti-Spam filters.

So I checked the server’s update history, and sure enough, 5/26/2013 is the last time the server got an update other than the Anti-Spam one.

I then clicked within WU to manually check for updates, and now it reports 5+ months worth of updates-- 9 important and 51 optional updates available for the server.

I’m unaware of any reason why the server would suddenly stop receiving update notifications, and I'm not really sure how to go about troubleshooting it.

Does anyone have any suggestions on how to make this server receive automatic update notifications and downloads again?
Question by:Joe2009
  • 4
  • 3
LVL 47

Expert Comment

by:Donald Stewart
ID: 39625635
Is the server configured to get updates from WSUS ?

If so, are the updates approved ?

Author Comment

ID: 39627620
>>>Is the server configured to get updates from WSUS ?

>>>If so, are the updates approved ?

Good questions.

As you are probably aware, WSUS is built-in with SBS 2011 Standard. (I should state that I am largely ignorant as to how WSUS works under the hood.) I haven't had much interaction with WSUS-- it's pretty much run on autopilot keeping the clients updated, and I've never needed to do anything with it other than periodically purge old computers that were removed from the network. I've certainly never had to approve any updates in order for them to get to the clients . My assumption was that as part of the default SBS configuration WSUS was set to automatically approve and distribute critical updates on the clients.

In any event, when I check WSUS, the server is not on the Update Services Client Computers list, only on the Update Services Server list, which I take to mean that the server isn't using WSUS to manage it's own updates?

For what it's worth, if I view All Updates in WSUS, there are nearly 10,000 listed dating back to when the server was put into service in mid-2011. All of the updates are shown as Not Approved.
LVL 47

Expert Comment

by:Donald Stewart
ID: 39627731
You can narrow down your views in WSUS to "Needed"

On the server in question you can quickly verify whether or not it's using WSUS with a Reg query in cmd prompt

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

This should give you a better idea how it should be configured
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

LVL 47

Expert Comment

by:Donald Stewart
ID: 39627741

Author Comment

ID: 39627810
Thanks very much. I'll look this stuff over and see what I can make of it. (It will probably take me a couple of days to get through it before I can post an update.)

Author Comment

ID: 39639107
I went over the links you provided, but unfortunately, they don't seem to provide anything actionable.

That reg query on the server returns a result, indicating that it's being managed by WSUS (makes sense, since I see the server in the WSUS Console).

However, when I click the "Change software update settings" in SBS Console, I don't get the warning cited in that first article, which also makes sense because I never changed any of the WSUS default settings.

And if there's one thing that made an impression on me in those linked articles, it's this:

Important: If you go into the native WSUS 3.0 SP1 console and change these default settings, SBS Update Services will detect this and shut down. In order to guarantee the accuracy and reliability of its reporting function, it requires WSUS to be configured with these settings...

...which would seem to indicate fairly clearly that tinkering with those settings (which again, do not appear to have ever been changed in the first place) is not something I should do on SBS.

Also, I've noticed that just like that other EE thread you pointed me toward, if I click "Check inline for updates from Microsoft Update" I'm told that there are the 9+51 updates available, most of which are from years ago (including many that were issued before the server went online in 8/2011).

But then if I subsequently click "Check for updates managed by your system administrator", it says no updates are needed.

Not really sure what to make of all this. Any further suggestions would be appreciated.


Author Comment

ID: 39639445
Follow up question:

Is the "View update history" link in Windows Update a comprehensive list of all the updates the server got, even if they were automatically approved/downloaded/installed via WSUS?

Because according to that list, the last update the server got (other than Exchange Anti-spam filters) was KB2840149 on 5/26/2013, and there must have been many security patches issued for SBS 2011 since the end of May.

Yet, if I look up the server properties under Security|Updates, it reports zero missing updates.

LVL 35

Accepted Solution

Cris Hanna earned 500 total points
ID: 39700137
The first rule with SBS is use the wizards/sbs console.   If you open the SBS Console > Security > Updates....this is where you should be managing updates and approving.

There are certain updates for the workstations that are automatically approved and deployed to workstations and the workstations are updated overnight, assuming the PC is on

The Server is set by default to  approve and download important updates but not install them automatically.   Optional updates must be approved in the SBS Console

The ONLY time you should into the WSUS Console is to remove workstations that are no longer on the network.

You can get the complete guide to repairing WSUS on SBS 2011 to it's default state using this guide

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a recent question ( here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question