
WSUS Server Not Connecting to Clients Correctly

Posted on 2013-11-18
Last Modified: 2016-02-21
Hello:

I have a project to set up a WSUS server.  For setup, I have used notes and suggestions from http://www.youtube.com/watch?v=f4_UoxXJ9Cg .  This project includes:

1. 64-bit Windows 2008 R2 Standard Server Sp1.

2. 2 Test Windows 7 professional Computers.
      a.  1 PC is a 64-bit PC.
      b.  1 PC is a 32-bit PC.


This project was actually already started by another administrator that has since left the company; but, the finishing touches were never applied.  

As I was realizing how everything was already installed/configured everything seemed to be in place.  I did make some minor changes in the GPO, for client side targeting.  I moved the clients (in Active Directory) to the 'WSUS Test' OU and then linked the WSUS GPO to the respective OU.  

The designated Clients show up in the WSUS computer groups; but, I cannot get the approved updates to get installed.

The version of the WSUS software on our WSUS Server is 3.27600.226

version.PNG
I can see the respective clients show up in the WSUS Computer groups; but, they do not give back any status.  Please see the picture below:

notReportedStatusyet.PNG
I can tell on the client that the Windows Update Settings are controlled by the WSUS Server; but, I cannot get the approved updates to actually install on the selected computers.

client-Settings-show.PNG
GPO-WinUpdates.PNG
I thought about un-linking the GPO and un-installing the WSUS software from the Server so I can start from scratch.  You know how it is a little confusing when you are working with another person's project.  But, I honestly feel that if I do that, the problem will not go away.  

I fear that the problem is tied to the fact that I cannot get a status update on the WSUS clients, from the WSUS Server.  Very weird, I can see the clients, the clients are linked to the WSUS Server; but, I cannot get the Approved updates to become installed on the WSUS client PCs.

My question is, how can I get the Approved updates to be installed on the WSUS clients?
Question by:Pkafkas
51 Comments
 

Author Comment

by:Pkafkas
ID: 39657759
Equally important, I do get emails from the WSUS Server that new updates have been synchronized on the WSUS server.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39657770
On a client are there errors in the windowsupdate.log?  <<reading from the bottom up.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39657817
Also you check your WSUS version on the homepage of the console

wsus
0
 

Author Comment

by:Pkafkas
ID: 39657893
Ok

1.  I have uploaded a .txt file with some log information from today.

2.  I am not sure how to see the WSUS home page.
ConfigLog.txt
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39657928
From the errors I see in that log look over

http://kaustubhghanekar.blogspot.com/2011/05/advanced-wsus-troubleshooting-for-error.html

You may also be missing the port # in your WSUS gpo config

check that it is  http://mogl-util1:8530
0
 

Author Comment

by:Pkafkas
ID: 39658210
http://mogl-util1:8530 does not come up with anything.  WSUS is not configured to be used with a special port.  

If I put http://mogl-util1

500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.

There are no additional errors after the above sentence.
0
 

Author Comment

by:Pkafkas
ID: 39658225
When I try to run the web page on the actual Server, http://mogl-utl1

I get the below web page.

error
0
 

Author Comment

by:Pkafkas
ID: 39658232
How am I supposed to know if I should put port 8530 in the GPO.  Everything that I have seen in the WSUS config is referencing port 80.

Maybe I should just start over from scratch instead of trying to use someone else's configurations.

Any ideas?
0
 

Author Comment

by:Pkafkas
ID: 39658259
The primary question is how to get the windows updates to be installed on the WSUS computer clients.

Does it have something to do with the WSUS Computer Clients not reporting their status yet?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39658352
Try this on client computer which is not pulling the update from WSUS.
net stop bits
net stop wuauserv
From windows explorer:

Clear the contents of C:\Windows\SoftwareDistribution
Rename C:\Windows\WindowsUpdate.log to WindowsUpdate.log.old
From the registry delete the following keys

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\PingID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId
 
From the command prompt again:

net start bits
net start wuauserv
wuauclt /detectnow /resetauthorization

Also run wsus diagnosis tool and check. http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
0
 

Author Comment

by:Pkafkas
ID: 39659077
I have only approved updates for 2 computers so Far.  Both computers are not able to install updates.

There are a total of 4 computers that are WSUS clients.  All 4 computers are not able to report their status yet; but, all 4 computers Show up in the WSUS Client group.

I will try the above suggestions; but, if I have to do the above for all of the new clients, that are added to the WSUS computer group, Then it seems like something else is wrong.
0
 

Author Comment

by:Pkafkas
ID: 39659078
Its not like some of the clients are working and some are not working.  All of the WSUS clients are not working.
0
 

Author Comment

by:Pkafkas
ID: 39659081
The WSUS Diagnostic tools seem promising:

http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39659457
@Sandeshdubey

This is *NOT!!!* a duplicate SID issue. That will not fix  0x8024401f error.

@Pkafkas

FYI, the clientdiag tool will not work on 64 bit systems.

Did you go over http://kaustubhghanekar.blogspot.com/2011/05/advanced-wsus-troubleshooting-for-error.html ???

Where it mentions MIME types in IIS.


When you are in the WSUS console and on the left hand side under "Update Services" you click on your server name, this is the home page where you can see both the version and the port # being used
0
 
LVL 47

Accepted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39659664
If not the MIME look over this

http://support.myeasyprojects.net/KB/a104/http-error-50019-error-code-0x8007007e.aspx

Where you may need to disable compression
0
 

Author Comment

by:Pkafkas
ID: 39660102
it appears that we are using port 80 and the version is 3.2.7600.251

homepage
0
 

Author Comment

by:Pkafkas
ID: 39660106
The above screen shot also shows that we have 4 computers connected and 7 updates approved.

The last synchronization was successful; but did the updates actually download?
0
 

Author Comment

by:Pkafkas
ID: 39660110
I still am not aware why the computers are not reporting the status back to the WSUS server.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39660132
Let's first get your WSUS updated

http://support.microsoft.com/kb/2734608
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39660133
The "Download Status" from your screencap is where you check if the files have been downloaded
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39660168
Also from your screenshot I see that you have "Approved 7 updates"

unless these are "Needed" updates by your clients, they won't download/detect anything.

Click on "Updates">>"All Updates" >>>set approval to "Any Except Declined" and the "Status" to "Needed" and refresh>>>now you can approve updates that your clients will detect.

Have you set up automatic approval rules ???
0
 

Author Comment

by:Pkafkas
ID: 39660881
Ok,

I clicked on "Updates">>"All Updates"
>>>set approval to "Any Except Declined"  
"Status" to "Needed"

and then clicked the refresh button.

No updates were shown.  See the screen shot.

Needed
0
 

Author Comment

by:Pkafkas
ID: 39661121
Hello dstewartjr,

I did go to the web site that you mentioned and MIME types are not an issue here.  There were no duplicates.
0
 

Author Comment

by:Pkafkas
ID: 39661127
So the clients are showing up in WSUS.

The approved updates do download to the WSUS server.  I was watching it as it was downloading, from the home page.

I cannot get any of the clients to show any status.  

Perhaps that is why the above query 'Show any updates except declined' shows no updates.  Probably because it cannot get the status from the Computers.
0
 

Author Comment

by:Pkafkas
ID: 39662348
I will try to update the WSUS Server.

http://support.microsoft.com/kb/2734608

It appears that I will have to apply this update on the client computers as well.  Or did I not understand the article correctly?
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39662748
Only to the WSUS server, your clients most likely have a newer version of the wuauclt.exe than the WSUS server...This is what that update addresses.
0
 

Author Comment

by:Pkafkas
ID: 39664070
Ok, dstewartjr

Well 1 thing is fixed, you mentioned before to disable compression on the WSUS Server (64-bit).

http://support.myeasyprojects.net/KB/a104/http-error-50019-error-code-0x8007007e.aspx

Specifically the web site to run the command:

"%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /-[name='xpress']"  <enter>  

I did do that and the http://servername looks better now; but, I do not think that has fixed the issue.

after disabled.
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39664091
That is what you should see. Are you prompted for a download when you use


http://mogl-utl1/iuident.cab

Now on a client run wuauclt /detectnow

What errors are in the windowsupdate.log (last 50 lines)

may also want to look over

http://technet.microsoft.com/en-us/magazine/gg153542.aspx
0
 

Author Comment

by:Pkafkas
ID: 39664183
Ok,

1.  On the server, I do get a prompt to download or open the iuident.cab file.
         a.  Should I open or save that file?

2.  I do not get prompted if I try to go to that web link ( http://mogl-utl1/iuident.cab ) from a client pc,


3.  I did run wuauclt /detectnow from 2 client WSUS computers but nothing has changed from the WSUS server.
         a.  I still see no status reply yet from the Clients.
         b.  I have not restarted either of them yet.  I will do that (restart and then see what happens).

4.   I have not updates to WSUS Service pack to yet either.
0
 

Author Comment

by:Pkafkas
ID: 39664222
I think we are on to something here:

1.  According to http://technet.microsoft.com/en-us/magazine/gg153542.aspx
        a.  if I cannot access http://mogl-utl1/iuident.cab from a client then there is something wrong.


2.  Additionally, in Server manager I see some errors associated with the start-up for WSUS.

self-update stopped

3.  For the suggested command, I actually did a search and found that .vbs file in

C:\program files\update services\setup\InstallSelfupdateOnPort80.vbs

Should or can I just execute that .vbs from the Windows explorer folder?  Or must I use the command prompt?
0
 

Author Comment

by:Pkafkas
ID: 39664263
Hey, finally some progress, after I submitted my above post I wanted to see if one of the clients were showing after the restart.  Now both clients that I ran wuauclt /detectnow on are reporting in.

getting status back

Should I still run that InstallSelfupdateOnPort80.vbs file?  I have not triggered that .vbs yet.  I still cannot access http://mogl-utl1/iuident.cab from a client PC.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39664283
Should I still run that InstallSelfupdateOnPort80.vbs file?


It can only fix things, it won't break anything.

so yes
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39664296
You should use the command line to run the script
0
 

Author Comment

by:Pkafkas
ID: 39665937
Hey I "think" some updates did install on my 2 test computers last night.  

Now how can I verify that?  Is there a report that I can run?  To see which were installed from WSUS on any computer group from last night?

How can I verify if WSUS is installing updates on designated computers?
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39666025
You can look at the last 50 or so lines of the windowsupdate.log
0
 

Author Comment

by:Pkafkas
ID: 39666081
It does not appear that anything got installed according to the WindowsUpdate.log, located on the \\mogl-util1\C$\Windows\WindowsUpdate.log
log-11212013.txt
0
 

Author Comment

by:Pkafkas
ID: 39666109
Is that is the case and the remaining updates that I have approved will not get installed tonight.

I will check tomorrow to see.  Please see the attached screen shot below.

check1
Is there a way to run a report on a specific computer, from the reports module?  I wonder what else must I do?
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39666513
It does not appear that anything got installed according to the WindowsUpdate.log, located on the \\mogl-util1\C$\Windows\WindowsUpdate.log

No, you need to look at the windowsupdate.log on client....not server

This client is not getting the WSUS GPO

2013-11-20      15:25:45:327       904      e38      Agent        * WSUS server: <NULL>
2013-11-20      15:25:45:327       904      e38      Agent        * WSUS status server: <NULL>

Yes, you can run reports...just double click on a highlighted update
0
 

Author Comment

by:Pkafkas
ID: 39666654
Ok,

I just added 6 updates to be downloaded and installed, from WSUS.

check compare on Friday
I just noticed that a windows update prompt is available on 1 of my test computers.

start-wu
That was not there before.

I guess we will wait and see for tonight.  Perhaps the updates that I selected in the past were not needed and with no status showing there was no way to tell.  And perhaps if any updates did install last night, they did not require a reboot.

I do not see anything from this morning at 4:00 am (11/21/2013 - See attached:  Around_4Oclock_11212013.txt)

I also attached the client Windows Update Log file.  Log_Client_11212013.txt  I see a lot of:

2013-11-21      11:05:39:708       436      11c4      DnldMgr        * Regulation call complete. 0x00000000
2013-11-21      11:05:39:708       436      11c4      DnldMgr      ***********  DnldMgr: New download job [UpdateId = {C15A4671-66BE-41B0-84E7-9E697FC3E4DA}.200]  ***********
2013-11-21      11:05:39:708       436      11c4      DnldMgr      Regulation: {7971F918-A847-4430-9279-4A52D1EFE18D} - Update C15A4671-66BE-41B0-84E7-9E697FC3E4DA is "PerUpdate" regulated and can NOT download. Sequence 9306 vs AcceptRate 5000.
2013-11-21      11:05:39:708       436      11c4      DnldMgr        * Update is not allowed to download due to regulation.
Around-4Oclock-11212013.txt
Log-Client-11212013.txt
0
 

Author Comment

by:Pkafkas
ID: 39666679
This client I am working on can see the WSUS server:

2013-11-20      18:10:36:114       436      2d4      AU        # WSUS server: http://mogl-util1
2013-11-20      18:10:36:114       436      2d4      AU        # Detection frequency: 22

So that is a good thing at least.  Let's see what happens tonight.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39666737
From one of your earlier posts

As I was realizing how everything was already installed/configured everything seemed to be in place.  I did make some minor changes in the GPO, for client side targeting.  I moved the clients (in Active Directory) to the 'WSUS Test' OU

And then from your log

 
target group = , DNS name = mogl00005d0710.w8521domain.com

The client is not picking up the target group

which setting did you select in WSUS

reg
0
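
Added example (not part of any post in this thread): a Python script that extracts what the comments above read by hand from a client's WindowsUpdate.log, namely the WSUS server and status server entries, the target group, downloads blocked by regulation and non-zero result codes. The sample lines are constructed from lines quoted in the thread; the `triage` function, the finding labels and the prefix and timestamp of the PT line are assumptions.

```python
import re

# Constructed sample: the AU and DnldMgr messages and the "target group"
# fragment are quoted in this thread; the PT line's prefix and time are assumed.
SAMPLE_LOG = """\
2013-11-20\t18:10:36:114\t 436\t2d4\tAU\t  # WSUS server: http://mogl-util1
2013-11-20\t18:10:36:114\t 436\t2d4\tAU\t  # Detection frequency: 22
2013-11-21\t11:05:38:100\t 436\t11c4\tPT\tInitializing simple targeting cookie, target group = , DNS name = mogl00005d0710.w8521domain.com
2013-11-21\t11:05:39:708\t 436\t11c4\tDnldMgr\t  * Regulation call complete. 0x00000000
2013-11-21\t11:05:39:708\t 436\t11c4\tDnldMgr\t  * Update is not allowed to download due to regulation.
"""

# Fields: date, time, pid, tid, component, message (tab or space separated).
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}:\d{3}\s+\S+\s+\S+\s+\S+\s+(.*)$")
SERVER_RE = re.compile(r"[*#]\s*WSUS server:\s*(\S+)")
STATUS_RE = re.compile(r"[*#]\s*WSUS status server:\s*(\S+)")
GROUP_RE = re.compile(r"target group = (.*?), DNS name = (\S+)")
ERROR_RE = re.compile(r"\b0x(?!0{8})[0-9a-fA-F]{8}\b")  # skips 0x00000000


def triage(log_text):
    """Summarise the WSUS-related state recorded in a client WindowsUpdate.log."""
    r = {"wsus_server": None, "status_server": None, "target_group": None,
         "dns_name": None, "regulated": 0, "errors": [], "findings": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or continuation line
        msg = m.group(1)
        hit = SERVER_RE.search(msg)
        if hit:
            r["wsus_server"] = hit.group(1)  # later entries override earlier ones
        hit = STATUS_RE.search(msg)
        if hit:
            r["status_server"] = hit.group(1)
        hit = GROUP_RE.search(msg)
        if hit:
            r["target_group"], r["dns_name"] = hit.group(1).strip(), hit.group(2)
        if "not allowed to download due to regulation" in msg:
            r["regulated"] += 1
        for code in ERROR_RE.findall(msg):
            if code not in r["errors"]:
                r["errors"].append(code)
    if r["wsus_server"] == "<NULL>":
        r["findings"].append("NO_WSUS_SERVER")       # WSUS GPO not applied
    if r["target_group"] == "":
        r["findings"].append("EMPTY_TARGET_GROUP")   # no client-side target group
    if r["regulated"]:
        r["findings"].append("REGULATED_DOWNLOADS")
    if r["errors"]:
        r["findings"].append("ERROR_CODES")
    return r


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value!r}")
```

A value of `None` means the excerpt contained no such line, so run it over the whole client log rather than the last few lines.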
 

Author Comment

by:Pkafkas
ID: 39666881
Good call,

I just changed this to select the Group Policy or registry settings.

computers
Should I run a wuauclt /detectnow again on the 2 test PCs?

I suppose it could not hurt.  And then check the logs.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39666908
No, it won't hurt
0
 

Author Comment

by:Pkafkas
ID: 39667095
I see some good and not so good notes, after I ran "wuauclt /detectnow" again.  And did a restart of the PC.

I see windows updates waiting to be installed.

I see some settings stating to install at 4:00 am.

But I still see "target group = , DNS name = mogl00005d0710.w8521domain.com"

Please see the attachment.  Maybe it just needs a little time to kick in?

I see the other test PC has a prompt to install updates by the start button as well.

wupromptAfer-Restart-and-manual-update.txt
0
 

Author Comment

by:Pkafkas
ID: 39668922
It appears that some of the updates got installed; but, not all of them.

But it is progress.

Please see the 'approved' & 'needed' updates screen/query.

 compare_after
0
 

Author Comment

by:Pkafkas
ID: 39668956
Hello dstewartjr,

From one of your comments above:
 
which setting did you select in WSUS

computer_group_assiciations
which selection should I have set?

The top or the bottom option?

- Use Update Service Console.
- Use Group Policy or Group Settings on Computer?

It appears that the WSUS server did install the updates anyway; but, I would prefer to delegate specific Computers to a specific WSUS Group as indicated below.  


- Windows_7_prof
- Windows_7_prof64
- Windows_2008R264

Perhaps having the previous setting (update from the Services Console) is better for what I want.  As long as it works, with the updates I am fine with separating the computers into WSUS groups.
0
 

Author Comment

by:Pkafkas
ID: 39668969
Right now all of the computers are in the unassigned group.

unassigned
I will probably have to change the setting from the above pic and then do a "wuauclt /detectnow" on the clients and then restart.

Then see if I can delegate the computers to the groups.  Do you concur?
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39668997
I prefer the bottom selection. Also I have found that it's only necessary to separate workstations from servers with ClientSide Targeting. The workstations so they can be set to option 4 "Schedule and install the updates" and the Servers to Option "3 = Automatically download and notify of installation." <<Then on servers I can manually choose when and what updates to install"

You should also configure automatic approval rules.

http://technet.microsoft.com/en-us/library/cc708458%28v=ws.10%29.aspx

Best Practices

http://technet.microsoft.com/en-us/library/cc720525%28v=ws.10%29.aspx
0
 

Author Comment

by:Pkafkas
ID: 39669091
Oh, so you are suggesting to have separate WSUS Group Policies:

1. One GPO designed for workstations.  

2.  One GPO designed for Servers.

That makes sense because one may have the same GPO linked to different OU's.  Is that correct?
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 500 total points
ID: 39669190
Yes, you need a separate GPO for each instance of client side targeting(workstations, servers..etc)
0
 

Author Comment

by:Pkafkas
ID: 39669289
I will look at these best practices items over and thanks for everything.
0
