SBS 2011 Standard server stopped receiving update notifications

Posted on 2013-11-05
Last Modified: 2015-07-24
I’ve got an SBS 2011 Standard server that’s been in service for a bit over two years.

During most of that time, the server has frequently received automatic notification of various security fixes and other updates via Windows Update. (The server is configured to automatically download updates but not install them until instructed to.)

Lately however, it occurred to me that the only updates the server has receiving notifications about are the monthly updates to the Exchange Anti-Spam filters.

So I checked the server’s update history, and sure enough, 5/26/2013 is the last time the server got an update other than the Anti-Spam one.

I then clicked within WU to manually check for updates, and now it reports 5+ months worth of updates-- 9 important and 51 optional updates available for the server.

I’m unaware of any reason why the server would suddenly stop receiving update notifications, and I'm not really sure how to go about troubleshooting it.

Does anyone have any suggestions on how to make this server receive automatic update notifications and downloads again?
Question by:Joe2009
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 47

Expert Comment

by:Donald Stewart
ID: 39625635
Is the server configured to get updates from WSUS ?

If so, are the updates approved ?

Author Comment

ID: 39627620
>>>Is the server configured to get updates from WSUS ?

>>>If so, are the updates approved ?

Good questions.

As you are probably aware, WSUS is built-in with SBS 2011 Standard. (I should state that I am largely ignorant as to how WSUS works under the hood.) I haven't had much interaction with WSUS-- it's pretty much run on autopilot keeping the clients updated, and I've never needed to do anything with it other than periodically purge old computers that were removed from the network. I've certainly never had to approve any updates in order for them to get to the clients . My assumption was that as part of the default SBS configuration WSUS was set to automatically approve and distribute critical updates on the clients.

In any event, when I check WSUS, the server is not on the Update Services Client Computers list, only on the Update Services Server list, which I take to mean that the server isn't using WSUS to manage it's own updates?

For what it's worth, if I view All Updates in WSUS, there are nearly 10,000 listed dating back to when the server was put into service in mid-2011. All of the updates are shown as Not Approved.
LVL 47

Expert Comment

by:Donald Stewart
ID: 39627731
You can narrow down your views in WSUS to "Needed"

On the server in question you can quickly verify whether or not it's using WSUS with a Reg query in cmd prompt

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

This should give you a better idea how it should be configured
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

LVL 47

Expert Comment

by:Donald Stewart
ID: 39627741

Author Comment

ID: 39627810
Thanks very much. I'll look this stuff over and see what I can make of it. (It will probably take me a couple of days to get through it before I can post an update.)

Author Comment

ID: 39639107
I went over the links you provided, but unfortunately, they don't seem to provide anything actionable.

That reg query on the server returns a result, indicating that it's being managed by WSUS (makes sense, since I see the server in the WSUS Console).

However, when I click the "Change software update settings" in SBS Console, I don't get the warning cited in that first article, which also makes sense because I never changed any of the WSUS default settings.

And if there's one thing that made an impression on me in those linked articles, it's this:

Important: If you go into the native WSUS 3.0 SP1 console and change these default settings, SBS Update Services will detect this and shut down. In order to guarantee the accuracy and reliability of its reporting function, it requires WSUS to be configured with these settings...

...which would seem to indicate fairly clearly that tinkering with those settings (which again, do not appear to have ever been changed in the first place) is not something I should do on SBS.

Also, I've noticed that just like that other EE thread you pointed me toward, if I click "Check inline for updates from Microsoft Update" I'm told that there are the 9+51 updates available, most of which are from years ago (including many that were issued before the server went online in 8/2011).

But then if I subsequently click "Check for updates managed by your system administrator", it says no updates are needed.

Not really sure what to make of all this. Any further suggestions would be appreciated.


Author Comment

ID: 39639445
Follow up question:

Is the "View update history" link in Windows Update a comprehensive list of all the updates the server got, even if they were automatically approved/downloaded/installed via WSUS?

Because according to that list, the last update the server got (other than Exchange Anti-spam filters) was KB2840149 on 5/26/2013, and there must have been many security patches issued for SBS 2011 since the end of May.

Yet, if I look up the server properties under Security|Updates, it reports zero missing updates.

LVL 35

Accepted Solution

Cris Hanna earned 500 total points
ID: 39700137
The first rule with SBS is use the wizards/sbs console.   If you open the SBS Console > Security > Updates....this is where you should be managing updates and approving.

There are certain updates for the workstations that are automatically approved and deployed to workstations and the workstations are updated overnight, assuming the PC is on

The Server is set by default to  approve and download important updates but not install them automatically.   Optional updates must be approved in the SBS Console

The ONLY time you should into the WSUS Console is to remove workstations that are no longer on the network.

You can get the complete guide to repairing WSUS on SBS 2011 to it's default state using this guide

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More or less everybody in the IT market understands the basics of Networking, however when we start talking about Storage Networks, things get a bit dizzier, and this is where I would like to help.
Learn about cloud computing and its benefits for small business owners.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question