Pkafkas
asked on
WSUS Server Not Conencting to Clients Correctly
Hello:
I have a project to setup a WSUS server. For setup, I have used notes and suggestions from http://www.youtube.com/watch?v=f4_UoxXJ9Cg . This projects includes:
1. 64-bit Windows 2008 R2 Standard Server Sp1.
2. 2 Test Windows 7 professional Computers.
a. 1 PC is a 64-bit PC.
b. 1 PC is a 32-bit PC.
This project was actually already started by another administrator that has since left the company; but, the finishing touches were never applied.
As I was realizing how everything was already installed/configured everthing seemed to be in place. I did make some minor changes in the GPO, for client side targeting. I moved the clients (in Active Directory) to the 'WSUS Test' OU and then linked the WSUS GPO to the respected OU.
The designated Clients show up in the WSUS computer groups; but, I cannot get the approved updates to get installed.
The version of the WSUS software on our WSUS Server is 3.27600.226
I can see the respected clients show up in the WSUS Computer groups; but, they do not give back any status. Please see the picture below:
I can tell on the client that the Windows Update Settings are controlled by the WSUS Server; but, I cannot get the approved updates to actually install on the selected computers.
I thought about un-linking the GPO and un-installing the WSUS software from the Server so I can start from scratch. You now how it is a little confusing when you are working with another person's project. But, I honestly feel that if I do that, the problem will not go away.
I fear that the problem is tied to the fact that I cannot get a status update on the WSUS clients, from the WSUS Server. Very weird, I can see the clients, the clients are linked to the WSUS Server; but, I cannnot get the Approved updates to become installed on the WSUS client PC's.
My question is, how can I get the Approved updates to be insatlled on the WSUS clients?
I have a project to setup a WSUS server. For setup, I have used notes and suggestions from http://www.youtube.com/watch?v=f4_UoxXJ9Cg . This projects includes:
1. 64-bit Windows 2008 R2 Standard Server Sp1.
2. 2 Test Windows 7 professional Computers.
a. 1 PC is a 64-bit PC.
b. 1 PC is a 32-bit PC.
This project was actually already started by another administrator that has since left the company; but, the finishing touches were never applied.
As I was realizing how everything was already installed/configured everthing seemed to be in place. I did make some minor changes in the GPO, for client side targeting. I moved the clients (in Active Directory) to the 'WSUS Test' OU and then linked the WSUS GPO to the respected OU.
The designated Clients show up in the WSUS computer groups; but, I cannot get the approved updates to get installed.
The version of the WSUS software on our WSUS Server is 3.27600.226
I can see the respected clients show up in the WSUS Computer groups; but, they do not give back any status. Please see the picture below:
I can tell on the client that the Windows Update Settings are controlled by the WSUS Server; but, I cannot get the approved updates to actually install on the selected computers.
I thought about un-linking the GPO and un-installing the WSUS software from the Server so I can start from scratch. You now how it is a little confusing when you are working with another person's project. But, I honestly feel that if I do that, the problem will not go away.
I fear that the problem is tied to the fact that I cannot get a status update on the WSUS clients, from the WSUS Server. Very weird, I can see the clients, the clients are linked to the WSUS Server; but, I cannnot get the Approved updates to become installed on the WSUS client PC's.
My question is, how can I get the Approved updates to be insatlled on the WSUS clients?
On a client are there errors in the windowsupdate.log? <<reading from the bottom up.
ASKER
Ok
1. I have uploaded the a .txt file with some log inforamtion from today.
2. I am note sure how to see the WSUS home page.
ConfigLog.txt
1. I have uploaded the a .txt file with some log inforamtion from today.
2. I am note sure how to see the WSUS home page.
ConfigLog.txt
From the errors I see in that log look over
http://kaustubhghanekar.blogspot.com/2011/05/advanced-wsus-troubleshooting-for-error.html
You may also be missing the port # in your WSUS gpo config
check that it is http://mogl-util1:8530
http://kaustubhghanekar.blogspot.com/2011/05/advanced-wsus-troubleshooting-for-error.html
You may also be missing the port # in your WSUS gpo config
check that it is http://mogl-util1:8530
ASKER
http://mogl-util1:8530 does not come up with anything. WSUS is not configured to be used with a special port.
If I put http://mogl-util1
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
There are no additional errors after the above sentence.
If I put http://mogl-util1
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
There are no additional errors after the above sentence.
ASKER
ASKER
How am I supposed to now if I should put port 8530 in the GPO. Everything that I have seen in the WSUS config is referencing port 80.
Maybe I should just start over from scratch instead of trying to use someone else's configurations.
Any ideas?
Maybe I should just start over from scratch instead of trying to use someone else's configurations.
Any ideas?
ASKER
The primary question is how to get the windows updates to be installed on the WSUS computer clients.
Does it have something to do with the WSUS Computer Clients not reporting their status yet?
Does it have something to do with the WSUS Computer Clients not reporting their status yet?
Try this on client computer which is not pulling the update from WSUS.
net stop bits
net stop wuauserv
From windows explorer:
Clear the contents of C:\Windows\SoftwareDistrib ution
Rename C:\Windows\WindowsUpdate.l og to WindowsUpdate.log.old
From the registry delete the follwing keys
HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date\Accou ntDomainSi d
HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date\PingI D
HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date\SusCl ientId
From the command prompt again:
net start bits
net start wuauserv
wuauclt /detectnow /resetauthorization
Also run wsus diagnosis tool and check.http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
net stop bits
net stop wuauserv
From windows explorer:
Clear the contents of C:\Windows\SoftwareDistrib
Rename C:\Windows\WindowsUpdate.l
From the registry delete the follwing keys
HKLM\SOFTWARE\Microsoft\Wi
HKLM\SOFTWARE\Microsoft\Wi
HKLM\SOFTWARE\Microsoft\Wi
From the command prompt again:
net start bits
net start wuauserv
wuauclt /detectnow /resetauthorization
Also run wsus diagnosis tool and check.http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
ASKER
I have only approved updates for 2 computers so Far. Both computers are not able to install updates.
There are a total of 4 computers that are WSUS clients. All 4 computers are not able to report their status yet; but, all 4 computers Show up in the WSUS Client group.
I will try the above suggestions; but, if I have to do the above for all of the new clients, that are added to the WSUS computer group, Then it seems like something else is wrong.
There are a total of 4 computers that are WSUS clients. All 4 computers are not able to report their status yet; but, all 4 computers Show up in the WSUS Client group.
I will try the above suggestions; but, if I have to do the above for all of the new clients, that are added to the WSUS computer group, Then it seems like something else is wrong.
ASKER
Its not like some of the clients are working and some are not working. All of the WSUS clients are not working.
ASKER
The WSUS Diagnostic tools seem promising:
http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The above screen shot also shows taht wer have 4 computers connected adn 7 updates approved.
The last synchronization was successfull; but did the updates actually download?
The last synchronization was successfull; but did the updates actually download?
ASKER
I still am not aware why the computers are not reporting the status back to the WSUS server.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ASKER
Hello dstewartjr,
I did go to the web site that you mentioned and MIME types are not an issue here. There were no duplicates.
I did go to the web site that you mentioned and MIME types are not an issue here. There were no duplicates.
ASKER
So the clients are showing up in WSUS.
The approved updates do download to the WSUS server. I was watching it as it was downloading, from the home page.
I cannot get any of the clients to show any status.
Perhaps that is why the above query 'Show any updates except declined' shows not updates. Probably because it cannot get the status from the Computers.
The approved updates do download to the WSUS server. I was watching it as it was downloading, from the home page.
I cannot get any of the clients to show any status.
Perhaps that is why the above query 'Show any updates except declined' shows not updates. Probably because it cannot get the status from the Computers.
ASKER
I will try to update the WSUS Server.
http://support.microsoft.com/kb/2734608
It appears that I will have to apply this update on the client computers as well. Or did I not understand the article correctly?
http://support.microsoft.com/kb/2734608
It appears that I will have to apply this update on the client computers as well. Or did I not understand the article correctly?
Only to the WSUS server, your clients most likely have a newer version of the wuaclt.exe than the WSUS server...This is what that update addresses.
ASKER
Ok, dstewartjr
Well 1 thing is fixed, you mentioend befor to disabbel compression on the WSUS Server (64-bit).
http://support.myeasyprojects.net/KB/a104/http-error-50019-error-code-0x8007007e.aspx
Specificall the web site to run the command:
"%windir%\system32\inetsrv \appcmd.ex e set config -section:system.webServer/ httpCompre ssion /-[name='xpress']" <enter>
I did do that and the http://servername looks better now; but, I do not think that has fixed the issue.
Well 1 thing is fixed, you mentioend befor to disabbel compression on the WSUS Server (64-bit).
http://support.myeasyprojects.net/KB/a104/http-error-50019-error-code-0x8007007e.aspx
Specificall the web site to run the command:
"%windir%\system32\inetsrv
I did do that and the http://servername looks better now; but, I do not think that has fixed the issue.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok,
1. On the server, I do get a prmpt to download or open the iuident.cab file.
a. Should I open or save that file?
2. I do not get prompted if I try to go to taht web link ( http://mogl-utl1/iuident.cab ) from a client pc,
3. I did run wuauclt /detectnow from 2 client WSUS compuers but nothing has changed from the WSUS server.
a. I still see no status reply yet from the Clients.
b. I have not restarted eitehr of them yet. I will do that 9restart and ten see what happens).
4. I have not updates to WSUS Service pack to yet either.
1. On the server, I do get a prmpt to download or open the iuident.cab file.
a. Should I open or save that file?
2. I do not get prompted if I try to go to taht web link ( http://mogl-utl1/iuident.cab ) from a client pc,
3. I did run wuauclt /detectnow from 2 client WSUS compuers but nothing has changed from the WSUS server.
a. I still see no status reply yet from the Clients.
b. I have not restarted eitehr of them yet. I will do that 9restart and ten see what happens).
4. I have not updates to WSUS Service pack to yet either.
ASKER
I think we are on to something here:
1. According to http://technet.microsoft.com/en-us/magazine/gg153542.aspx
a. if I cannot access http://mogl-utl1/iuident.cab from aclient then tehre si something wrong.
2. Additioanlly, in Server manager I see some errors assocaited with the start-up for WSUS.
3. For the suggest comand, I actually did a seach and found that .vbs file in
C:\program files\update services\setup\InstallSelf updateOnPo rt80.vbs
Should or can I just execute that .vbs from the windwos explorer folder? Or must I use the command prompt?
1. According to http://technet.microsoft.com/en-us/magazine/gg153542.aspx
a. if I cannot access http://mogl-utl1/iuident.cab from aclient then tehre si something wrong.
2. Additioanlly, in Server manager I see some errors assocaited with the start-up for WSUS.
3. For the suggest comand, I actually did a seach and found that .vbs file in
C:\program files\update services\setup\InstallSelf
Should or can I just execute that .vbs from the windwos explorer folder? Or must I use the command prompt?
ASKER
hey finally some progress, after I submitted my above post I wanted to see if one of the clients were showing after teh restert. Now both clients that I ran wuauclt /detectnow on are reporting in.
Should I still run that InstallSelfupdateOnPort80. vbs file? I have not triggered tath .vbs yet. I still cannot access http://mogl-utl1/iuident.cab from a client PC.
Should I still run that InstallSelfupdateOnPort80.
Should I still run that InstallSelfupdateOnPort80.vbs file?
It can only fix things, it wont break anything.
so yes
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey I "think" some updates did install on my 2 test computers last night.
Now how can I verify that? Is there a report that I can run? To see which were installed form WSUS on any computer group from last night?
How can I verify if WSUS is installing updates on designated computers?
Now how can I verify that? Is there a report that I can run? To see which were installed form WSUS on any computer group from last night?
How can I verify if WSUS is installing updates on designated computers?
You can look at the last 50 or so lines of the windowsupdate.log
ASKER
It does not appear that anything got isntalled according to the WindowsUpdate.log, located on the \\mogl-util1\C$\Windows\Wi ndowsUpdat e.log
log-11212013.txt
log-11212013.txt
ASKER
It does not appear that anything got isntalled according to the WindowsUpdate.log, located on the \\mogl-util1\C$\Windows\WindowsUpdat e.log
No, you need to look at the windowsupdate.log on client....not server
This client is not getting the WSUS GPO
2013-11-20 15:25:45:327 904 e38 Agent * WSUS server: <NULL>
2013-11-20 15:25:45:327 904 e38 Agent * WSUS status server: <NULL>
Yes, you can run reports...just double click on a highlighted update
ASKER
Ok,
I just added 6 updates to be downlaoded and installed, from WSUS.
I just noticed that a windows update prompt is available on 1 of my test computers.
That was not there before.
I guess we will wait and see for tonight. Perhaps the updates that i seelcted in the past were nto needed and with no status showing there was no way to tell. And perhaps if any updates did install last night, tehy did not require a reboot.
I do not see anything from this morniong at 4:00 am (11/21/2013 - See attached: Around_4Oclock_11212013.tx t
I also attached the client Windows Update Log file. Log_Client_11212013.txt I see a lot of:
2013-11-21 11:05:39:708 436 11c4 DnldMgr * Regulation call complete. 0x00000000
2013-11-21 11:05:39:708 436 11c4 DnldMgr *********** DnldMgr: New download job [UpdateId = {C15A4671-66BE-41B0-84E7-9 E697FC3E4D A}.200] ***********
2013-11-21 11:05:39:708 436 11c4 DnldMgr Regulation: {7971F918-A847-4430-9279-4 A52D1EFE18 D} - Update C15A4671-66BE-41B0-84E7-9E 697FC3E4DA is "PerUpdate" regulated and can NOT download. Sequence 9306 vs AcceptRate 5000.
2013-11-21 11:05:39:708 436 11c4 DnldMgr * Update is not allowed to download due to regulation.
Around-4Oclock-11212013.txt
Log-Client-11212013.txt
I just added 6 updates to be downlaoded and installed, from WSUS.
I just noticed that a windows update prompt is available on 1 of my test computers.
That was not there before.
I guess we will wait and see for tonight. Perhaps the updates that i seelcted in the past were nto needed and with no status showing there was no way to tell. And perhaps if any updates did install last night, tehy did not require a reboot.
I do not see anything from this morniong at 4:00 am (11/21/2013 - See attached: Around_4Oclock_11212013.tx
I also attached the client Windows Update Log file. Log_Client_11212013.txt I see a lot of:
2013-11-21 11:05:39:708 436 11c4 DnldMgr * Regulation call complete. 0x00000000
2013-11-21 11:05:39:708 436 11c4 DnldMgr *********** DnldMgr: New download job [UpdateId = {C15A4671-66BE-41B0-84E7-9
2013-11-21 11:05:39:708 436 11c4 DnldMgr Regulation: {7971F918-A847-4430-9279-4
2013-11-21 11:05:39:708 436 11c4 DnldMgr * Update is not allowed to download due to regulation.
Around-4Oclock-11212013.txt
Log-Client-11212013.txt
ASKER
This client I am woring on can see teh WSUS server:
2013-11-20 18:10:36:114 436 2d4 AU # WSUS server: http://mogl-util1
2013-11-20 18:10:36:114 436 2d4 AU # Detection frequency: 22
So that is a good thing at least. Lets see what happens tonight.
2013-11-20 18:10:36:114 436 2d4 AU # WSUS server: http://mogl-util1
2013-11-20 18:10:36:114 436 2d4 AU # Detection frequency: 22
So that is a good thing at least. Lets see what happens tonight.
From one of your earlier posts
And then from your log
The client is not picking up the target group
which setting did you select in WSUS
As I was realizing how everything was already installed/configured everthing seemed to be in place. I did make some minor changes in the GPO, for client side targeting. I moved the clients (in Active Directory) to the 'WSUS Test' OU
And then from your log
target group = , DNS name = mogl00005d0710.w8521domain.com
The client is not picking up the target group
which setting did you select in WSUS
ASKER
No, it wont hurt
ASKER
I see some good and not so good notes, after I ran "wuauclt /detectnow" again. And did a restart of the PC.
I see windows updates waiting to be installed.
I see some settings stating to instal at 4:00 am.
But I still see "target group = , DNS name = mogl00005d0710.w8521domain .com"
Please se teh attachment. Maybe it just needs a little imt to ckick in?
I see the other test PC has a prompt tiinstall updates by the start button as well.
Afer-Restart-and-manual-update.txt
I see windows updates waiting to be installed.
I see some settings stating to instal at 4:00 am.
But I still see "target group = , DNS name = mogl00005d0710.w8521domain
Please se teh attachment. Maybe it just needs a little imt to ckick in?
I see the other test PC has a prompt tiinstall updates by the start button as well.
Afer-Restart-and-manual-update.txt
ASKER
ASKER
Hello dstewartjr,
From one of your comments above:
which setting did you select in WSUS
which selection should I have set?
The top or the bottom option?
- Use Update Service Console.
- Use Group Policy or Group Settings on Computer?
It appears that the WSUS server did install the udpates anyway; but, I would prefer to delegate specific Computers to a specific WSUS Group as indicated below.
- Windows_7_prof
- Windows_7_prof64
- Windows_2008R264
Perhaps having the previous setting (update from the Services Console) is better for what I want. As long as it works, with teh updates I am fine with seperating the coputers into WSUS groups.
From one of your comments above:
which setting did you select in WSUS
which selection should I have set?
The top or the bottom option?
- Use Update Service Console.
- Use Group Policy or Group Settings on Computer?
It appears that the WSUS server did install the udpates anyway; but, I would prefer to delegate specific Computers to a specific WSUS Group as indicated below.
- Windows_7_prof
- Windows_7_prof64
- Windows_2008R264
Perhaps having the previous setting (update from the Services Console) is better for what I want. As long as it works, with teh updates I am fine with seperating the coputers into WSUS groups.
ASKER
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh, so you are suggesting to have seperate WSUS Group Policies:
1. One GPO designed for workstations.
2. One GPO designed for Servers.
that makes sence becasue one may have the same GPO linked to different OU's. Is that correct?
1. One GPO designed for workstations.
2. One GPO designed for Servers.
that makes sence becasue one may have the same GPO linked to different OU's. Is that correct?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i Iill look at these best practices items over and thanks for everything.
ASKER