Solved

SBS 2011 Standard server stopped receiving update notifications

Posted on 2013-11-05
10
80 Views
Last Modified: 2015-07-24
I’ve got an SBS 2011 Standard server that’s been in service for a bit over two years.

During most of that time, the server has frequently received automatic notification of various security fixes and other updates via Windows Update. (The server is configured to automatically download updates but not install them until instructed to.)

Lately however, it occurred to me that the only updates the server has receiving notifications about are the monthly updates to the Exchange Anti-Spam filters.

So I checked the server’s update history, and sure enough, 5/26/2013 is the last time the server got an update other than the Anti-Spam one.

I then clicked within WU to manually check for updates, and now it reports 5+ months worth of updates-- 9 important and 51 optional updates available for the server.

I’m unaware of any reason why the server would suddenly stop receiving update notifications, and I'm not really sure how to go about troubleshooting it.

Does anyone have any suggestions on how to make this server receive automatic update notifications and downloads again?
0
Comment
Question by:Joe2009
  • 4
  • 3
10 Comments
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
Is the server configured to get updates from WSUS ?

If so, are the updates approved ?
0
 

Author Comment

by:Joe2009
Comment Utility
>>>Is the server configured to get updates from WSUS ?

>>>If so, are the updates approved ?

Good questions.

As you are probably aware, WSUS is built-in with SBS 2011 Standard. (I should state that I am largely ignorant as to how WSUS works under the hood.) I haven't had much interaction with WSUS-- it's pretty much run on autopilot keeping the clients updated, and I've never needed to do anything with it other than periodically purge old computers that were removed from the network. I've certainly never had to approve any updates in order for them to get to the clients . My assumption was that as part of the default SBS configuration WSUS was set to automatically approve and distribute critical updates on the clients.

In any event, when I check WSUS, the server is not on the Update Services Client Computers list, only on the Update Services Server list, which I take to mean that the server isn't using WSUS to manage it's own updates?

For what it's worth, if I view All Updates in WSUS, there are nearly 10,000 listed dating back to when the server was put into service in mid-2011. All of the updates are shown as Not Approved.
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
You can narrow down your views in WSUS to "Needed"

On the server in question you can quickly verify whether or not it's using WSUS with a Reg query in cmd prompt

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

This should give you a better idea how it should be configured

http://blogs.technet.com/b/sbs/archive/2009/06/23/update-services-in-sbs-2008.aspx
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Joe2009
Comment Utility
Thanks very much. I'll look this stuff over and see what I can make of it. (It will probably take me a couple of days to get through it before I can post an update.)
0
 

Author Comment

by:Joe2009
Comment Utility
I went over the links you provided, but unfortunately, they don't seem to provide anything actionable.

That reg query on the server returns a result, indicating that it's being managed by WSUS (makes sense, since I see the server in the WSUS Console).

However, when I click the "Change software update settings" in SBS Console, I don't get the warning cited in that first article, which also makes sense because I never changed any of the WSUS default settings.

And if there's one thing that made an impression on me in those linked articles, it's this:

Important: If you go into the native WSUS 3.0 SP1 console and change these default settings, SBS Update Services will detect this and shut down. In order to guarantee the accuracy and reliability of its reporting function, it requires WSUS to be configured with these settings...

...which would seem to indicate fairly clearly that tinkering with those settings (which again, do not appear to have ever been changed in the first place) is not something I should do on SBS.

Also, I've noticed that just like that other EE thread you pointed me toward, if I click "Check inline for updates from Microsoft Update" I'm told that there are the 9+51 updates available, most of which are from years ago (including many that were issued before the server went online in 8/2011).

But then if I subsequently click "Check for updates managed by your system administrator", it says no updates are needed.

Not really sure what to make of all this. Any further suggestions would be appreciated.

Joe
0
 

Author Comment

by:Joe2009
Comment Utility
Follow up question:

Is the "View update history" link in Windows Update a comprehensive list of all the updates the server got, even if they were automatically approved/downloaded/installed via WSUS?

Because according to that list, the last update the server got (other than Exchange Anti-spam filters) was KB2840149 on 5/26/2013, and there must have been many security patches issued for SBS 2011 since the end of May.

Yet, if I look up the server properties under Security|Updates, it reports zero missing updates.

Joe
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 500 total points
Comment Utility
The first rule with SBS is use the wizards/sbs console.   If you open the SBS Console > Security > Updates....this is where you should be managing updates and approving.

There are certain updates for the workstations that are automatically approved and deployed to workstations and the workstations are updated overnight, assuming the PC is on

The Server is set by default to  approve and download important updates but not install them automatically.   Optional updates must be approved in the SBS Console

The ONLY time you should into the WSUS Console is to remove workstations that are no longer on the network.

You can get the complete guide to repairing WSUS on SBS 2011 to it's default state using this guide
http://technet.microsoft.com/en-us/library/gg680316.aspx
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
This video discusses moving either the default database or any database to a new volume.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now