[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

WSUS not updating windows 7 Clients

Posted on 2014-04-08
3
Medium Priority
?
1,758 Views
Last Modified: 2016-02-21
I am running windows server 2012 R2 with the WSUS server enabled.

Seems like all my clients are not downloading the windows updates from the server, because under "installed/not applicable" column, all of the machines show 99% or less.
There's no machine that shows 100%.  

I tried to manually update my one PC with:
wuauclt /detectnow
Wuauclt /reportnow

But it didn't do anything.  Then I restarted the server, still nothing.

I looked in the application and system logs, and there's no errors or warnings in either log, except the warning below.   I have also also attached the windowsupdate.log from the server.

Any idea's of what is happening.  I have configured my group policy to point to my server and apparently I think that works, because my computers ARE showing up in my WSUS updates, they are just not getting the updates.  When I click on any of the computers, it shows how many updates they still need and all of them show that they need updates.
Any help would be appreciated.

Then when I clicked on check microsoft website for updates, of course that worked and it found updates to install. (this is from the server or any client)

Log Name:      System
Source:        LsaSrv
Date:          4/8/2014 9:19:35 AM
Event ID:      6038
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      wsus.domain.com
Description:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
 
NTLM is a weaker authentication mechanism. Please check:
 
      Which applications are using NTLM authentication?
      Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
      If NTLM must be supported, is Extended Protection configured?
 
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LsaSrv" Guid="{199fe037-2b82-40a9-82ac-e1d46c792b99}" EventSourceName="LsaSrv" />
    <EventID Qualifiers="0">6038</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-08T16:19:35.000000000Z" />
    <EventRecordID>12290</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>wsus.domain.com</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>
WindowsUpdate.log
0
Comment
Question by:afacts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 39986757
Are these needed updates approved ?
Has the client been rebooted in case there was a pending reboot required?
Have the files for the needed updates finished downloading to the server?
0
 

Author Comment

by:afacts
ID: 39986909
Yes, I have set the approval to be automatic.
I will reboot my PC just in case there's no pending reboots.

Yes, I'm sure the files have finished downloading, because it's scheduled to check around midnight, and we have a 50 Mbps connection up and down.  I can download a large file at 5 MB/sec.  Also, I use PRTG, and if the server would be downloading large files, I would know, so I'm sure it's down loading all the files it needs.
0
 

Author Closing Comment

by:afacts
ID: 40013509
When I first configured the server, the automatic approvals were setup and configured to automatically approve, but when I just checked, they were not checked, so not enabled.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question