• Status: Solved
  • Priority: Medium
  • Security: Private
  • Views: 38
  • Last Modified:

Windows 8.1 wsus problems

Hi, we now have several windows 8.1 laptops on our domain network but we are having problems using wsus to update them.
Domain functional level is windows 2008 r2 and we have one 2012 R2 DC.
We are applying wsus through GPO.

The laptops receive all the correct GPO settings and recieve the updates (event logs show files downloaded)

That's about it, the updates never seem to get installed.

There's an error along the lines of:
"Installation ready: updates are ready... to install updates an administrator should log on.. windows will prompt with further instructions..."

Non admins are approved to approve updates via the gpo (and have checked the registry)

Logged on user is an administrator of the laptop anyway.

Help appreciated.
0
Paul Blackmore
Asked:
Paul Blackmore
  • 7
  • 4
1 Solution
 
Rob GMicrosoft Systems EngineerCommented:
What version of WSUS is it?
There was a service pack to WSUS to address issues with windows 8.1
The WSUS server in some versions have a bug that they see 8.1 as windows XP x64 and cannot apply the updates. The errors you get from this are all sorts of weird..

Another bug is UAC controls with Updates, you must have UAC enabled to get the updates to install with WSUS on 8.1

I had to create another GPO, Clone of the Win7 Ones to correct this issue, with UAC enabled, and drop all of the 8.1 machines into that GPO.
0
 
Paul BlackmoreIT ManagerAuthor Commented:
WSUS is latest verion. The updates are getting to the laptop. UAC has been turned off (manually not by GPO), I'll re-enable it to see if it makes any difference. Thanks
0
 
Paul BlackmoreIT ManagerAuthor Commented:
Nope, I've enabled UAC, no change (and approved a few more updates to poss give it a kick)
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Rob GMicrosoft Systems EngineerCommented:
Do you see anything in the Windowsupdate.log file?
If you do Windows key + R and type in WindowsUpdate.LOG you will have a text file come up..
It should give you additional info as to what is actually occurring..
0
 
Paul BlackmoreIT ManagerAuthor Commented:
2014-11-13      17:47:34:263       904      9d0      Report      CWERReporter finished handling 8 events. (00000000)
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {9FED22FC-CDD2-4724-8463-C08F21DE6196}.204 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {48585DD4-FB49-487C-BBED-2BB96A1A8A3A}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {61C88EDE-FCD7-4C91-809E-A7E58FB97E3C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {0DACBEA9-4019-4E5C-B551-6AF2823BBAA5}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {54254032-E629-4ADC-BA84-CE1B9BA9F281}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {AB8A49A4-532E-4767-A514-E98DD08CBAB9}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent      Update {5B241E6A-BC17-44F1-AC7E-10D3BB21FDCB}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {D59F5FEA-5C29-4CF5-8416-D7279FFB585A}.201 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {A070249A-3B10-4E2D-A56D-8C3414936358}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {F4242AA0-9C5F-4882-8306-2E75CC370FAA}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {5E51B95B-C253-4BCE-B304-F475A05DA58C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent      Update {14295203-7DDA-4388-B7C7-86FE10E6973C}.200 is pruned out due to potential supersedence
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {64A69324-3A89-43F3-B658-3B3168DFBA34}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Added update {E219B681-EA39-4EBC-BE81-AE6EAB998936}.200 to search result
2014-11-13      17:47:37:085       904      d94      Agent        * Found 7 updates and 77 categories in search; evaluated appl. rules of 3123 out of 4490 deployed entities
2014-11-13      17:47:37:085       904      d94      Agent      Reporting status event with 192 installable, 57 installed,  0 installed pending, 0 failed and 7 downloaded updates
2014-11-13      17:47:37:085       904      d94      Agent      *********
2014-11-13      17:47:37:085       904      d94      Agent      **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line  Id = 44]
2014-11-13      17:47:37:085       904      d94      Agent      *************
2014-11-13      17:47:37:085       904      d94      IdleTmr      WU operation (CSearchCall::Init ID 44, operation # 3346) stopped; does use network; is not at background priority
2014-11-13      17:47:37:085       904      d94      IdleTmr      Decremented idle timer priority operation counter to 0
2014-11-13      17:47:37:085       904      dac      AU      >>##  RESUMED  ## AU: Search for updates [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:085       904      dac      AU        # 7 updates detected
2014-11-13      17:47:37:085       904      dac      AU      #########
2014-11-13      17:47:37:147       904      dac      AU      ##  END  ##  AU: Search for updates  [CallId = {9433486F-02C1-4E02-90FD-2E6305466A5D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-11-13      17:47:37:147       904      dac      AU      #############
2014-11-13      17:47:37:147       904      dac      AU      All AU searches complete.
2014-11-13      17:47:37:147       904      dac      AU      AU setting next detection timeout to 2014-11-14 12:13:29
0
 
Paul BlackmoreIT ManagerAuthor Commented:
This is last bit of windows log. There are 7 downloaded updates but I cant seem to get anyway of installing them.
0
 
Paul BlackmoreIT ManagerAuthor Commented:
By switching from option 4 (Download and schedule) to option 3 (Download and notify) I've now got a message on action centre that there are updates that need to be approved but no way of approving them?
0
 
Rob GMicrosoft Systems EngineerCommented:
Paul,
What is the setting in the GPO?
It should be set to a time to install them..
What time is it set to install updates?

There are a few settings:
1. Notify for download and notify for install
2. Auto Download and notify for installation
3. Auto Download and schedule the installation
4. Allow local admin to choose the settings

In those settings you have additional settings:
1. Schedule installation time of day
1-1. everyday or Monday - Sunday
2. Scheduled Time of day for installation
2-1. 24hour clock based on time for installation

Another variable here:
If you have "delay restart for scheduled installation" set to enabled;
The system will not install the updates till after the next reboot.

While,
assuming you have rebooted, since you had to make the UAC control changes, the policy definition will determine when the system actually applies the updates.. Otherwise it would be better to not define anything, accept for the "specify intranet Microsoft update service location" and set the client machines to auto update, and reboot at will.. ;)

The logs, though, they look good..
No errors from what i can see..
0
 
Rob GMicrosoft Systems EngineerCommented:
The approval process needs to take place on the WSUS console.
While the user is an administrator that is allowed to locally OK what to install, the domain admin on the WSUS Server needs to approve the actual update prior to it being OK for the local admin to install or not install..

Is the Server hosting WSUS fully updated?
While the WSUS system itself has a variety of updates, there are some updates in the hosted OS that help as well.. Specifically with Signed certificates..
0
 
Paul BlackmoreIT ManagerAuthor Commented:
I've given up on this one. My GPO for windows 8.1 updates just points to our wsus server so that we can at least control what updates are received, all the other wsus settings I've controlled via registry edits.
0
 
Paul BlackmoreIT ManagerAuthor Commented:
Not fixed but a workaround until I have time to look more in depth at this.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now