Solved

WSUS GPO issues

Posted on 2014-12-18
11
283 Views
Last Modified: 2016-02-19
Hello Experts,

I have a client who is struggling with a GPO that pushes updates to computers from a WSUS server. They don’t have SCCM in place, and that is not an option now. They are using WSUS 3.0 SP2.
 
 
The WSUS GPO isn’t working.  They checked the settings and were able to see the GPO settings by running gpedit.msc on the workstation and we saw that the enable client-side targeting didn’t change.
 
This GPO is linked to an OU named XXXX. The GPO has been forced to all computers. None of the computers is receiving the updates. After running GPOresult we can see that the GPO is being applied, but for some reason updates are not applied to workstations even if you force the GPO, and enable client-side targeting [is not accepting the changes]
 
Can someone please indicate step-by-step to resolve a GPO that involves a WSUS 3.0 SP2 server and laptops? Please provide instructions step-by-step from client side and server side
 
Forest/domain functional level is 2008 R2
 
 
Please see screenshot below
Screen-Shot-WSUSError.png
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40507210
Client side targeting requires that you set a group name via GPO *and* that you enable it in the WSUS console. Otherwise the WSUS server will simply ignore the group name that the client claims to be a member of.
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40507216
Ensure you have correct configuration on GPO, not only client-side targeting. You must configure clients to use this WSUS instead of Windows update, how and when updates will applied...: http://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 40507325
According to your screenshot it looks like you are trying to configure from the "Local Computer Policy"

You should be using the "Group Policy Management" console
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 2

Expert Comment

by:NxJNY
ID: 40507514
i agree with the comments above also are you sure all your PC's have different SSID?
0
 

Author Comment

by:Jerry Seinfield
ID: 40507554
Hi Cliff,

Can you please provide additional information about your statement? Step-by-step instructions

Client side targeting requires that you set a group name via GPO *and* that you enable it in the WSUS console. Otherwise the WSUS server will simply ignore the group name that the client claims to be a member of.

Are you confident that by creating that group and enabling in the WSUS console will fix the issue?

Can you please send also instructions step by step to create the new GPO and distribute all patches via WSUS for a windows 2008 R2 domain?

Anyone, your feedback is highly appreciated
0
 

Author Comment

by:Jerry Seinfield
ID: 40507738
Any updates on my last question please? need a feedback ASAP
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40507831
I don't give "step by step." I happily give advice, but I also do I.T as a career. If someone doesn't have some basic knowledge and needs more than advice, they should pay a skilled consultant. You'll find most experts here are similarly minded.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 40507850
You also might want to respond to the other experts comments in this thread that are trying to help as well.
0
 

Author Comment

by:Jerry Seinfield
ID: 40507915
Ok, let me rephrase my question,

Are you confident that by creating a group in AD and then enabling that group in the WSUS console will fix my issue?

No need to send step-by-step instructions. Thanks for your honesty.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 40507934
No, you dont create any groups in AD. You would specify the group name in Group Policy under Client Side Targeting...then you create that group in WSUS.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 40507941
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question