Solved

Server not able to receive patches from internal WSUS server.

Posted on 2014-11-14
10
1,636 Views
Last Modified: 2016-02-20
Hi,

We deploy a GPO to update our servers to go to our internal WSUS box to get the MS updates.  Our servers receive the GPO but do not get the update from the WSUS server.  

I have the patches already approved to a specific computer group.

Please advise what else I should check.

Thanks.
wsussettings-for-servers.png
0
Comment
Question by:nav2567
  • 4
  • 4
  • 2
10 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 40442630
Please post your windowsupdate.log from this server.
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40442715
You have your updates scheduled to be installed any day at 3Am.
What does the Windowsupdate.log say on the client machine at 3am?
0
 

Author Comment

by:nav2567
ID: 40442813
Here is the windowsupdate.log:

2014-11-14      10:36:41:209       920      3dc      AU      Triggering AU detection through DetectNow API
2014-11-14      10:36:41:209       920      3dc      AU      Triggering Online detection (non-interactive)
2014-11-14      10:36:41:209       920      ba0      AU      #############
2014-11-14      10:36:41:209       920      ba0      AU      ## START ##  AU: Search for updates
2014-11-14      10:36:41:209       920      ba0      AU      #########
2014-11-14      10:36:41:209       920      ba0      AU      <<## SUBMITTED ## AU: Search for updates [CallId = {1CD8555B-4EA8-4F5D-A62C-C577B30156D7}]
2014-11-14      10:36:41:209       920      1280      Agent      *************
2014-11-14      10:36:41:209       920      1280      Agent      ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-11-14      10:36:41:209       920      1280      Agent      *********
2014-11-14      10:36:41:209       920      1280      Agent        * Online = Yes; Ignore download priority = No
2014-11-14      10:36:41:209       920      1280      Agent        * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2014-11-14      10:36:41:209       920      1280      Agent        * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2014-11-14      10:36:41:209       920      1280      Agent        * Search Scope = {Machine}
2014-11-14      10:36:41:459       920      1280      Misc      Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2014-11-14      10:36:41:475       920      1280      Misc       Microsoft signed: Yes
2014-11-14      10:36:41:491       920      1280      Misc      Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2014-11-14      10:36:41:491       920      1280      Misc       Microsoft signed: Yes
2014-11-14      10:36:41:522       920      1280      Misc      Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2014-11-14      10:36:41:522       920      1280      Misc       Microsoft signed: Yes
2014-11-14      10:36:41:522       920      1280      Setup      ***********  Setup: Checking whether self-update is required  ***********
2014-11-14      10:36:41:522       920      1280      Setup        * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup      Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      10:36:41:538       920      1280      Setup        * IsUpdateRequired = No
2014-11-14      10:36:42:756       920      1280      PT      +++++++++++  PT: Synchronizing server updates  +++++++++++
2014-11-14      10:36:42:756       920      1280      PT        + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.mydomain.com/ClientWebService/client.asmx
2014-11-14      10:36:43:381       920      1280      Agent      WARNING: Failed to evaluate Installed rule, updateId = {07AEE973-703C-4F27-83F1-3E764D9ED2C7}.202, hr = 80041010
2014-11-14      10:36:44:335       920      1280      PT      +++++++++++  PT: Synchronizing extended update info  +++++++++++
2014-11-14      10:36:44:335       920      1280      PT        + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.mydomain.com/ClientWebService/client.asmx
2014-11-14      10:36:44:741       920      1280      Agent        * Found 0 updates and 80 categories in search; evaluated appl. rules of 924 out of 1923 deployed entities
2014-11-14      10:36:44:756       920      1280      Agent      *********
2014-11-14      10:36:44:756       920      1280      Agent      **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-11-14      10:36:44:756       920      1280      Agent      *************
2014-11-14      10:36:44:756       920      cf0      AU      >>##  RESUMED  ## AU: Search for updates [CallId = {1CD8555B-4EA8-4F5D-A62C-C577B30156D7}]
2014-11-14      10:36:44:756       920      cf0      AU        # 0 updates detected
2014-11-14      10:36:44:756       920      cf0      AU      #########
2014-11-14      10:36:44:756       920      cf0      AU      ##  END  ##  AU: Search for updates [CallId = {1CD8555B-4EA8-4F5D-A62C-C577B30156D7}]
2014-11-14      10:36:44:756       920      cf0      AU      #############
2014-11-14      10:36:44:756       920      cf0      AU      Featured notifications is disabled.
2014-11-14      10:36:44:756       920      cf0      AU      AU setting next detection timeout to 2014-11-15 01:48:36
2014-11-14      10:36:44:756       920      cf0      AU      Setting AU scheduled install time to 2014-11-15 08:00:00
2014-11-14      10:36:49:756       920      1280      Report      REPORT EVENT: {B8274E4F-6224-402A-9B2F-A4BD54C911E4}      2014-11-14 10:36:44:756-0500      1      147      101      {00000000-0000-0000-0000-000000000000}      0      0      AutomaticUpdates      Success      Software Synchronization      Windows Update Client successfully detected 0 updates.
2014-11-14      10:36:49:756       920      1280      Report      REPORT EVENT: {E6449D7E-BD94-4740-A984-EF94157908D7}      2014-11-14 10:36:44:756-0500      1      156      101      {00000000-0000-0000-0000-000000000000}      0      0      AutomaticUpdates      Success      Pre-Deployment Check      Reporting client status.
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40442854
You're missing a patch on WSUS.. .


http://support.microsoft.com/kb/2720211

Install this..
And try again..
0
 

Author Comment

by:nav2567
ID: 40443041
This is the version I have on my WSUS server:

Update Services

Microsoft Corporation

Version: 3.2.7600.226

I will download, apply and see if any improvement.

Thanks.
0
 

Author Comment

by:nav2567
ID: 40443061
Still do not see the update.  Here is the latest log.  Would you please check again?

014-11-14      12:13:19:615       920      ba0      AU      AU received policy change subscription event
2014-11-14      12:13:48:615       920      c70      AU      Triggering AU detection through DetectNow API
2014-11-14      12:13:48:615       920      c70      AU      Triggering Online detection (non-interactive)
2014-11-14      12:13:48:615       920      ba0      AU      #############
2014-11-14      12:13:48:615       920      ba0      AU      ## START ##  AU: Search for updates
2014-11-14      12:13:48:615       920      ba0      AU      #########
2014-11-14      12:13:48:615       920      ba0      AU      <<## SUBMITTED ## AU: Search for updates [CallId = {B0EA00F4-422F-4CC6-B4A5-7B16A39DDEB8}]
2014-11-14      12:13:48:615       920      16f0      Agent      *************
2014-11-14      12:13:48:615       920      16f0      Agent      ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-11-14      12:13:48:615       920      16f0      Agent      *********
2014-11-14      12:13:48:615       920      16f0      Agent        * Online = Yes; Ignore download priority = No
2014-11-14      12:13:48:615       920      16f0      Agent        * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2014-11-14      12:13:48:615       920      16f0      Agent        * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2014-11-14      12:13:48:615       920      16f0      Agent        * Search Scope = {Machine}
2014-11-14      12:13:48:896       920      16f0      Misc      Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2014-11-14      12:13:48:912       920      16f0      Misc       Microsoft signed: Yes
2014-11-14      12:13:51:506       920      16f0      Misc      Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2014-11-14      12:13:51:521       920      16f0      Misc       Microsoft signed: Yes
2014-11-14      12:13:51:552       920      16f0      Misc      Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2014-11-14      12:13:51:552       920      16f0      Misc       Microsoft signed: Yes
2014-11-14      12:13:51:552       920      16f0      Setup      ***********  Setup: Checking whether self-update is required  ***********
2014-11-14      12:13:51:552       920      16f0      Setup        * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup      Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.6.7600.256, required version = 7.6.7600.256
2014-11-14      12:13:51:568       920      16f0      Setup        * IsUpdateRequired = No
2014-11-14      12:13:53:584       920      16f0      PT      +++++++++++  PT: Synchronizing server updates  +++++++++++
2014-11-14      12:13:53:584       920      16f0      PT        + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.ourdomain.com/ClientWebService/client.asmx
2014-11-14      12:13:53:740       920      16f0      PT      WARNING: Cached cookie has expired or new PID is available
2014-11-14      12:13:53:740       920      16f0      PT      Initializing simple targeting cookie, clientId = 03f0bae9-d7ca-45fd-aafd-b57401bf3b5b, target group = , DNS name = server1.ourdomain.com
2014-11-14      12:13:53:740       920      16f0      PT        Server URL = http://wsus.ourdomain.com/SimpleAuthWebService/SimpleAuth.asmx
2014-11-14      12:13:59:599       920      16f0      PT      WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2014-11-14      12:13:59:599       920      16f0      PT      WARNING: SOAP Fault: 0x00012c
2014-11-14      12:13:59:599       920      16f0      PT      WARNING:     faultstring:Fault occurred
2014-11-14      12:13:59:599       920      16f0      PT      WARNING:     ErrorCode:ConfigChanged(2)
2014-11-14      12:13:59:599       920      16f0      PT      WARNING:     Message:(null)
2014-11-14      12:13:59:599       920      16f0      PT      WARNING:     Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2014-11-14      12:13:59:599       920      16f0      PT      WARNING:     ID:c6456412-334f-440e-b014-fe867a450395
2014-11-14      12:13:59:678       920      16f0      PT      WARNING: Cached cookie has expired or new PID is available
2014-11-14      12:13:59:678       920      16f0      PT      Initializing simple targeting cookie, clientId = 03f0bae9-d7ca-45fd-aafd-b57401bf3b5b, target group = , DNS name = server1.ourdomain.com
2014-11-14      12:13:59:678       920      16f0      PT        Server URL = http://wsus.ourdomain.com/SimpleAuthWebService/SimpleAuth.asmx
2014-11-14      12:14:00:178       920      16f0      Agent      WARNING: Failed to evaluate Installed rule, updateId = {07AEE973-703C-4F27-83F1-3E764D9ED2C7}.202, hr = 80041010
2014-11-14      12:14:01:271       920      16f0      PT      +++++++++++  PT: Synchronizing extended update info  +++++++++++
2014-11-14      12:14:01:271       920      16f0      PT        + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.ourdomain.com/ClientWebService/client.asmx
2014-11-14      12:14:04:365       920      16f0      Agent        * Found 0 updates and 80 categories in search; evaluated appl. rules of 924 out of 1923 deployed entities
2014-11-14      12:14:04:396       920      16f0      Agent      *********
2014-11-14      12:14:04:396       920      16f0      Agent      **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-11-14      12:14:04:396       920      16f0      Agent      *************
2014-11-14      12:14:04:396       920      b6c      AU      >>##  RESUMED  ## AU: Search for updates [CallId = {B0EA00F4-422F-4CC6-B4A5-7B16A39DDEB8}]
2014-11-14      12:14:04:396       920      b6c      AU        # 0 updates detected
2014-11-14      12:14:04:396       920      b6c      AU      #########
2014-11-14      12:14:04:396       920      b6c      AU      ##  END  ##  AU: Search for updates [CallId = {B0EA00F4-422F-4CC6-B4A5-7B16A39DDEB8}]
2014-11-14      12:14:04:396       920      b6c      AU      #############
2014-11-14      12:14:04:396       920      b6c      AU      Featured notifications is disabled.
2014-11-14      12:14:04:412       920      b6c      AU      AU setting next detection timeout to 2014-11-15 02:52:00
2014-11-14      12:14:04:412       920      b6c      AU      Setting AU scheduled install time to 2014-11-15 08:00:00
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40443157
Two things i see..
1. There looks to be no updates available for this machine.
2. What OS is this for?

If it is for 8.0 or 8.1 check the console and make sure you are seeing the kernel as being updates for 8.0 or 8.1 as there is a bug in WSUS that makes it think 8.x is windows XP x64 and nothing will update due to that..


Additional information:
What is your policy setup like?
Have you checked the local policy on a machine that should be getting updates to see if it is correctly getting the policy?
Do you have the updates downloaded and approved on the WSUS server?
does the machine show up in the console and requiring updates?

Try from client:
wuauclt /detectnow
run as administrator through the CMD prompt..

Followed by wuauclt /reportnow
which should cause the client side to report to the WSUS server to update the server of what it is missing.
0
 

Author Comment

by:nav2567
ID: 40443193
Please see the attached that shows my GPO settings.  

This is the first WSUS server we setup to deploy updates to our servers.  

I have already tried wuauclt /detectnow /reportnow but the server still not getting the update.
wsus-gpo.png
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40443238
Everything looks pretty good..
You have a few settings i would suggest changing.. and a few i would test, and possibly change later..

The ones you will need to change to test this..
1. You will need to change the interval on your detection frequency to something more realistic like 3 hours, as setting it to 12 hours, you're telling the desktops to not check the server any other time then that 12 hour poll, which can cause issues, since if i log is at 8AM after being turned off, or set to sleep, it might not set to check again till 8PM, but the machine might be off a that time.. It is 12 hours from the Policy application time, not the update scheduled time.  So for testing today, You won't have the client check for updates from the server till around 12 hours after 15min after you first logged in and got the policy applied today..

2. You have a schedule time for auto download and schedule install.
Which is fine.. but make sure none of the machines are being turned off at night, or going to sleep, or hibernating, if they are i would set this for another time, in my network i have it set for about 30min before closing.. so even if they don't apply the updates, they will be on that machine.

3. Schedule other than force..
If you have it set to just download and not apply them, and auto reboot, you have a double edge sword.. I worked around it with a script that forces all machines to reboot at 8PM on wednesday nights, which applys the updates.. Because my workforce, or end users don't reboot, and just constantly click the 15min wait time.. Which makes having WSUS worthless..

4. "No auto restart with logged on users for scheduled automatic update installations"
You have this disabled.. Only issue, is that you only have the updates downloading, not auto installing, so this will never work as intended, you would be better off to just leave this as not configured, so that the end user can set the system to auto reboot if need be..


Honestly..
It will work for desktops,
But you should really change the time stamps..

You should also create a few revisions..
1. for servers
1. for laptops and tablets
1. for desktops..

with the servers set it to download only.. set a late time like your 3Am
with the tablets and laptops use one that allows the users to access outside updates sites, and allow them to schedule there own update times, as you really don't want all the update traffic going over VPN connections..
Desktops use the one you have..

And lastly,
create one just for WSUS to update itself.

Hope this info helps..


However,
If you have the system checking at
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 40447365
http://support.microsoft.com/kb/2720211

is way old, you need to install the latest WSUS update

http://support.microsoft.com/kb/2828185
0

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now