SBS 2011 Standard server stopped receiving update notifications

I’ve got an SBS 2011 Standard server that’s been in service for a bit over two years.

During most of that time, the server has frequently received automatic notification of various security fixes and other updates via Windows Update. (The server is configured to automatically download updates but not install them until instructed to.)

Lately however, it occurred to me that the only updates the server has receiving notifications about are the monthly updates to the Exchange Anti-Spam filters.

So I checked the server’s update history, and sure enough, 5/26/2013 is the last time the server got an update other than the Anti-Spam one.

I then clicked within WU to manually check for updates, and now it reports 5+ months worth of updates-- 9 important and 51 optional updates available for the server.

I’m unaware of any reason why the server would suddenly stop receiving update notifications, and I'm not really sure how to go about troubleshooting it.

Does anyone have any suggestions on how to make this server receive automatic update notifications and downloads again?
Who is Participating?
Cris HannaConnect With a Mentor Commented:
The first rule with SBS is use the wizards/sbs console.   If you open the SBS Console > Security > Updates....this is where you should be managing updates and approving.

There are certain updates for the workstations that are automatically approved and deployed to workstations and the workstations are updated overnight, assuming the PC is on

The Server is set by default to  approve and download important updates but not install them automatically.   Optional updates must be approved in the SBS Console

The ONLY time you should into the WSUS Console is to remove workstations that are no longer on the network.

You can get the complete guide to repairing WSUS on SBS 2011 to it's default state using this guide
Donald StewartNetwork AdministratorCommented:
Is the server configured to get updates from WSUS ?

If so, are the updates approved ?
Joe2009Author Commented:
>>>Is the server configured to get updates from WSUS ?

>>>If so, are the updates approved ?

Good questions.

As you are probably aware, WSUS is built-in with SBS 2011 Standard. (I should state that I am largely ignorant as to how WSUS works under the hood.) I haven't had much interaction with WSUS-- it's pretty much run on autopilot keeping the clients updated, and I've never needed to do anything with it other than periodically purge old computers that were removed from the network. I've certainly never had to approve any updates in order for them to get to the clients . My assumption was that as part of the default SBS configuration WSUS was set to automatically approve and distribute critical updates on the clients.

In any event, when I check WSUS, the server is not on the Update Services Client Computers list, only on the Update Services Server list, which I take to mean that the server isn't using WSUS to manage it's own updates?

For what it's worth, if I view All Updates in WSUS, there are nearly 10,000 listed dating back to when the server was put into service in mid-2011. All of the updates are shown as Not Approved.
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Donald StewartNetwork AdministratorCommented:
You can narrow down your views in WSUS to "Needed"

On the server in question you can quickly verify whether or not it's using WSUS with a Reg query in cmd prompt

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

This should give you a better idea how it should be configured
Joe2009Author Commented:
Thanks very much. I'll look this stuff over and see what I can make of it. (It will probably take me a couple of days to get through it before I can post an update.)
Joe2009Author Commented:
I went over the links you provided, but unfortunately, they don't seem to provide anything actionable.

That reg query on the server returns a result, indicating that it's being managed by WSUS (makes sense, since I see the server in the WSUS Console).

However, when I click the "Change software update settings" in SBS Console, I don't get the warning cited in that first article, which also makes sense because I never changed any of the WSUS default settings.

And if there's one thing that made an impression on me in those linked articles, it's this:

Important: If you go into the native WSUS 3.0 SP1 console and change these default settings, SBS Update Services will detect this and shut down. In order to guarantee the accuracy and reliability of its reporting function, it requires WSUS to be configured with these settings...

...which would seem to indicate fairly clearly that tinkering with those settings (which again, do not appear to have ever been changed in the first place) is not something I should do on SBS.

Also, I've noticed that just like that other EE thread you pointed me toward, if I click "Check inline for updates from Microsoft Update" I'm told that there are the 9+51 updates available, most of which are from years ago (including many that were issued before the server went online in 8/2011).

But then if I subsequently click "Check for updates managed by your system administrator", it says no updates are needed.

Not really sure what to make of all this. Any further suggestions would be appreciated.

Joe2009Author Commented:
Follow up question:

Is the "View update history" link in Windows Update a comprehensive list of all the updates the server got, even if they were automatically approved/downloaded/installed via WSUS?

Because according to that list, the last update the server got (other than Exchange Anti-spam filters) was KB2840149 on 5/26/2013, and there must have been many security patches issued for SBS 2011 since the end of May.

Yet, if I look up the server properties under Security|Updates, it reports zero missing updates.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.