• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353
  • Last Modified:

WSUS managed computers not receiving updates

I'm installing WSUS onto a domain controller (Server 2012 R2). I have the role up and running, have a custom Computer group with our ~200 domain computers running Windows 7 Pro x64. I have synchronized the server with the Microsoft Updates server, and approved many, many updates for installation.

In my list of computers, I see machines needing anywhere from 10-60 updates. I have configured both the default domain group policy, as well as WSUS Policy, to point to this domain controller, automatically download/install updates, and check for new updates daily as well as 5 minutes after boot.

Unfortunately the domain computers don't seem to be reporting back to WSUS, and WSUS never shows any computers receiving updates. On my test machine if I manually check for updates direct from Microsoft I get authentic results, but when I check for updates via sever (our traditional way) it comes back with an error.

For the GPO in Windows Update for "specify intranet locations", I have entered:
http://servername
http://servername:80
http://servername:8530
All with no results of computers getting updates.

I feel like the WSUS is set up correctly (how many modifications can there really be?), and feel like I have customized the default and WSUS GPOs correctly (pretty straightforward enable/disable for server 2012)....Seems like the clients just aren't looking for updates...any ideas?
0
dpcsit
Asked:
dpcsit
  • 4
  • 2
1 Solution
 
Cliff GaliherCommented:
"but when I check for updates via sever (our traditional way) it comes back with an error."

...and that error would be...??
0
 
dpcsitAuthor Commented:
D'OH...knew i left something out...

Windows Update error: 80244019

I was hoping to stick with GP changes and not registry...We have previously had WSUS working in our domain, but on a now-extinct domain controller running server 2008. It was fairly seamless in that I would approve updates, and within the next few hours, clients would have pop ups for users to restart so that updates can install.
0
 
Cliff GaliherCommented:
You should be configuring the client to use port 8530. Check for typos. Test DNS. And make sure port 8530 is open on the window firewall (that last one trips up a lot of people.) 80244029 is often just simple failure to contact which pints to a network issue.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
dpcsitAuthor Commented:
Thanks Cliff,

In the migration from server 2008 > server 2012, we have had residual DNS issues off and on...I'll try to replace the intranet name with http://domain ip address:8530 to see if that works.

I'll report back with any updates...
0
 
dpcsitAuthor Commented:
FINAL UPDATE:

I had to remove/reinstall the WSUS service as a whole; it was trying to download 1.9 TB of updates for all kinds of Windows OS's and the download couldn't be stopped.

After the role reinstallation, I made sure to only select Windows 7 as a product, and go from there. I had to download 8 GB of updates, which completed over the weekend, and the clients are slowly starting to get their updates and report back as ok (now if I could only convince the users to actually APPLY the updates).

Thanks for the help. Moral of the story; be patient; don't download half the internet either.
0
 
dpcsitAuthor Commented:
It worked.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now