Solved

Windows Computers in SBS2011 Domain are not updating

Posted on 2014-01-08
11
1,477 Views
Last Modified: 2014-01-13
We have a mix of Windows XP and Windows 7 computers in a SBS2011 domain.
WSUS is not used or configured. Each computer was setup to auto download and install updates. About 2 months ago, this process stopped.

On the Windows 7 Systems, the control Windows/Windows Update section reports that updates are "Managed by your system Administrator"

I tried to run the update manually on one of the Windows 7 PC's  and got Error code 80072ee2.

On one of the Windows XP systems, I checked in the System Properties/Automatic Updates tab and I that the following selection is made and greyed out so it cannot be changed: Notify me but don't automatically download and install them.

Do I have need to change something in a Group Policy?
0
Comment
Question by:itplatoon
11 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 39767145
Run gpresult /v > C:\gpresult.txt

on each OS and look through that file for the WSUS setting to find out what policy you need to fix.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39767147
You'll have to Edit Group Policy on the SBS Server
Specifically the Update Services Client Computer Policy and the Update Services Common Settings Policy

Why aren't you using WSUS?
0
 

Expert Comment

by:okeno12
ID: 39767159
go to the sbs server and edit the group policy
0
 

Author Comment

by:itplatoon
ID: 39767178
Another system admin might have made use of WSUS, not sure at this point.

I do see an error on the SBS console>Home> Updates  tab that shows " Update services cannot be contacted"

I checked and do see the Update Services service is online and running
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39767184
So is your goal to get WSUS working properly. Or do you want to disable the group policy objects that force workstations to only update through WSUS?
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:itplatoon
ID: 39767187
If there is no downside to using WSUS, it might make sense to fix and use it. At this point, nothing is getting updated. So what are next steps to fix WSUS?
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 500 total points
ID: 39767208
Here is the official Repair Guide for WSUS on SBS from Microsoft
Repair Windows Server Update Services   http://technet.microsoft.com/en-us/library/gg680316.aspx
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 39767244
You have to remove configure setting related wsus in group policy. Disable the WSUS configure group policy and run the command gpupdate /force or restart the computer and check if you can do windows update manually.

To disable setting is below :

In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
In the details pane, click Specify Intranet Microsoft update service location.
Click Enabled and type the HTTP(S) URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http(s)://servername in both boxes.
Click OK.


For more info refer below link :

http://social.technet.microsoft.com/Forums/en-US/eff10fab-7ca3-471e-a164-bf7b73a28128/how-to-remove-wsus-client-settings?forum=winserverwsus

http://technet.microsoft.com/en-us/library/cc720539(ws.10).aspx
0
 

Author Comment

by:itplatoon
ID: 39775374
I use the repair process steps noted at this link:
http://technet.microsoft.com/en-us/library/gg680316.aspx

I found the following services not running:
WWW Published
Windows Process Activation and showing "Error: 13 The data is invalid

This led me to:

http://www.gringod.com/2008/08/15/when-iis-wont-start-error-13/

The culprit was: c:\windows\system32\inetsrv\config\applicationHost.config
I used the backup of the applicationHost.config file in c:\inetpub\history.
copied the file over and now all of the service work as expected.
WSUS seems to be working now as well too.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39775443
Glad you were able to track this down.  is there anyone besides you that would make changes to IIS that could cause that file to change?
0
 

Author Closing Comment

by:itplatoon
ID: 39778329
Thanks for the expert advice!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now