Solved

WSUS not updating windows 7 Clients

Posted on 2014-04-08
3
1,730 Views
Last Modified: 2016-02-21
I am running windows server 2012 R2 with the WSUS server enabled.

Seems like all my clients are not downloading the windows updates from the server, because under "installed/not applicable" column, all of the machines show 99% or less.
There's no machine that shows 100%.  

I tried to manually update my one PC with:
wuauclt /detectnow
Wuauclt /reportnow

But it didn't do anything.  Then I restarted the server, still nothing.

I looked in the application and system logs, and there's no errors or warnings in either log, except the warning below.   I have also also attached the windowsupdate.log from the server.

Any idea's of what is happening.  I have configured my group policy to point to my server and apparently I think that works, because my computers ARE showing up in my WSUS updates, they are just not getting the updates.  When I click on any of the computers, it shows how many updates they still need and all of them show that they need updates.
Any help would be appreciated.

Then when I clicked on check microsoft website for updates, of course that worked and it found updates to install. (this is from the server or any client)

Log Name:      System
Source:        LsaSrv
Date:          4/8/2014 9:19:35 AM
Event ID:      6038
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      wsus.domain.com
Description:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
 
NTLM is a weaker authentication mechanism. Please check:
 
      Which applications are using NTLM authentication?
      Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
      If NTLM must be supported, is Extended Protection configured?
 
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LsaSrv" Guid="{199fe037-2b82-40a9-82ac-e1d46c792b99}" EventSourceName="LsaSrv" />
    <EventID Qualifiers="0">6038</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-08T16:19:35.000000000Z" />
    <EventRecordID>12290</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>wsus.domain.com</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>
WindowsUpdate.log
0
Comment
Question by:afacts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 39986757
Are these needed updates approved ?
Has the client been rebooted in case there was a pending reboot required?
Have the files for the needed updates finished downloading to the server?
0
 

Author Comment

by:afacts
ID: 39986909
Yes, I have set the approval to be automatic.
I will reboot my PC just in case there's no pending reboots.

Yes, I'm sure the files have finished downloading, because it's scheduled to check around midnight, and we have a 50 Mbps connection up and down.  I can download a large file at 5 MB/sec.  Also, I use PRTG, and if the server would be downloading large files, I would know, so I'm sure it's down loading all the files it needs.
0
 

Author Closing Comment

by:afacts
ID: 40013509
When I first configured the server, the automatic approvals were setup and configured to automatically approve, but when I just checked, they were not checked, so not enabled.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

736 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question