SolvedPrivate

Windows 8.1 wsus problems

Posted on 2014-11-13
11
25 Views
Last Modified: 2016-02-19
Hi, we now have several windows 8.1 laptops on our domain network but we are having problems using wsus to update them.
Domain functional level is windows 2008 r2 and we have one 2012 R2 DC.
We are applying wsus through GPO.

The laptops receive all the correct GPO settings and recieve the updates (event logs show files downloaded)

That's about it, the updates never seem to get installed.

There's an error along the lines of:
"Installation ready: updates are ready... to install updates an administrator should log on.. windows will prompt with further instructions..."

Non admins are approved to approve updates via the gpo (and have checked the registry)

Logged on user is an administrator of the laptop anyway.

Help appreciated.
0
Comment
Question by:Paul Blackmore
  • 7
  • 4
11 Comments
 
LVL 6

Expert Comment

by:Rob G
ID: 40440452
What version of WSUS is it?
There was a service pack to WSUS to address issues with windows 8.1
The WSUS server in some versions have a bug that they see 8.1 as windows XP x64 and cannot apply the updates. The errors you get from this are all sorts of weird..

Another bug is UAC controls with Updates, you must have UAC enabled to get the updates to install with WSUS on 8.1

I had to create another GPO, Clone of the Win7 Ones to correct this issue, with UAC enabled, and drop all of the 8.1 machines into that GPO.
0
 

Author Comment

by:Paul Blackmore
ID: 40440471
WSUS is latest verion. The updates are getting to the laptop. UAC has been turned off (manually not by GPO), I'll re-enable it to see if it makes any difference. Thanks
0
 

Author Comment

by:Paul Blackmore
ID: 40440502
Nope, I've enabled UAC, no change (and approved a few more updates to poss give it a kick)
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40440512
Do you see anything in the Windowsupdate.log file?
If you do Windows key + R and type in WindowsUpdate.LOG you will have a text file come up..
It should give you additional info as to what is actually occurring..
0
 

Author Comment

by:Paul Blackmore
ID: 40440575
2014-11-13      17:47:34:263       904      9d0      Report      CWERReporter finished handling 8 events. (00000000)
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {9FED22FC-CDD2-4724-8463-C08F21DE6196}.204 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {48585DD4-FB49-487C-BBED-2BB96A1A8A3A}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {61C88EDE-FCD7-4C91-809E-A7E58FB97E3C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {0DACBEA9-4019-4E5C-B551-6AF2823BBAA5}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {54254032-E629-4ADC-BA84-CE1B9BA9F281}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {AB8A49A4-532E-4767-A514-E98DD08CBAB9}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {5B241E6A-BC17-44F1-AC7E-10D3BB21FDCB}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {D59F5FEA-5C29-4CF5-8416-D7279FFB585A}.201 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {A070249A-3B10-4E2D-A56D-8C3414936358}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {F4242AA0-9C5F-4882-8306-2E75CC370FAA}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {5E51B95B-C253-4BCE-B304-F475A05DA58C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {14295203-7DDA-4388-B7C7-86FE10E6973C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {64A69324-3A89-43F3-B658-3B3168DFBA34}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {E219B681-EA39-4EBC-BE81-AE6EAB998936}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Found 7 updates and 77 categories in search; evaluated appl. rules of 3123 out of 4490 deployed entities
2014-11-13      17:47:37:085       904      d94      Agent      Reporting status event with 192 installable, 57 installed,  0 installed pending, 0 failed and 7 downloaded updates
2014-11-13      17:47:37:085       904      d94      Agent      *********
2014-11-13      17:47:37:085       904      d94      Agent      **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line  Id = 44]
2014-11-13      17:47:37:085       904      d94      Agent      *************
2014-11-13      17:47:37:085       904      d94      IdleTmr      WU operation (CSearchCall::Init ID 44, operation # 3346) stopped; does use network; is not at background priority
2014-11-13      17:47:37:085       904      d94      IdleTmr      Decremented idle timer priority operation counter to 0
2014-11-13      17:47:37:085       904      dac      AU      >>##  RESUMED  ## AU: Search for updates [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:085       904      dac      AU        # 7 updates detected
2014-11-13      17:47:37:085       904      dac      AU      #########
2014-11-13      17:47:37:147       904      dac      AU      ##  END  ##  AU: Search for updates  [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:147       904      dac      AU      #############
2014-11-13      17:47:37:147       904      dac      AU      All AU searches complete.
2014-11-13      17:47:37:147       904      dac      AU      AU setting next detection timeout to 2014-11-14 12:13:29
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:Paul Blackmore
ID: 40440581
This is last bit of windows log. There are 7 downloaded updates but I cant seem to get anyway of installing them.
0
 

Author Comment

by:Paul Blackmore
ID: 40440597
By switching from option 4 (Download and schedule) to option 3 (Download and notify) I've now got a message on action centre that there are updates that need to be approved but no way of approving them?
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40440623
Paul,
What is the setting in the GPO?
It should be set to a time to install them..
What time is it set to install updates?

There are a few settings:
1. Notify for download and notify for install
2. Auto Download and notify for installation
3. Auto Download and schedule the installation
4. Allow local admin to choose the settings

In those settings you have additional settings:
1. Schedule installation time of day
1-1. everyday or Monday - Sunday
2. Scheduled Time of day for installation
2-1. 24hour clock based on time for installation

Another variable here:
If you have "delay restart for scheduled installation" set to enabled;
The system will not install the updates till after the next reboot.

While,
assuming you have rebooted, since you had to make the UAC control changes, the policy definition will determine when the system actually applies the updates.. Otherwise it would be better to not define anything, accept for the "specify intranet Microsoft update service location" and set the client machines to auto update, and reboot at will.. ;)

The logs, though, they look good..
No errors from what i can see..
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40440630
The approval process needs to take place on the WSUS console.
While the user is an administrator that is allowed to locally OK what to install, the domain admin on the WSUS Server needs to approve the actual update prior to it being OK for the local admin to install or not install..

Is the Server hosting WSUS fully updated?
While the WSUS system itself has a variety of updates, there are some updates in the hosted OS that help as well.. Specifically with Signed certificates..
0
 

Accepted Solution

by:
Paul Blackmore earned 0 total points
ID: 40486307
I've given up on this one. My GPO for windows 8.1 updates just points to our wsus server so that we can at least control what updates are received, all the other wsus settings I've controlled via registry edits.
0
 

Author Closing Comment

by:Paul Blackmore
ID: 40495788
Not fixed but a workaround until I have time to look more in depth at this.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now