?
Solved

SBS 2008 WSUS

Posted on 2015-01-08
12
Medium Priority
?
65 Views
Last Modified: 2016-02-20
I recently re-installed a server with SBS2008.  My local machines are not downloading and installing windows updates.  Can anyone point me in the right direction on the server to get my SBS server to tell the local machines it's ok to download and install updates?
0
Comment
Question by:pjnutt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 40539517
It's part of a GPO use GPMC make sure the systems are in the correct sbs group.  There should be update packages one that defines where the wsus server is and the port on which to connect and then the updates that you can apply one set.

Make sure your wsus server is set and configured

Look at the GPMC for the standard wsus update policies I think they're are four.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40539537
1,  Have you configured WSUS (added categories and classifications)?
2.  Have you synced WSUS with microsoft update?
3. Have you approved the updates that you want?
4. Does the gpo for windows updates point to your WSUS server?
5. What error message if any are the clients getting?
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40539705
By default WSUS enable in SBS - The policies are created on installation.

In the SBS Console have you done the initial synchronization? (Security Tab> Updates> Sync now - on the right)

You will need to do this.  It can take a long while for the first sync to complete because of the amount of updates.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40539950
And, run the SBS BPA and fix anything it finds.  In ADUC verify the systems are in the My Business - Computers OU.
0
 

Author Comment

by:pjnutt
ID: 40549931
I have done the synchronization.  I also checked to make sure my systems were in My Business Computers.  I also checked my schedule in the SBS Console to make sure it's scheduled to deploy and that my computers were listed.  I still have updates on my local computers that don't seem to be being picked up by my server.

Anything else I can check?
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40550163
still have updates on my local computers that don't seem to be being picked up by my server.  You have to approve the update, accept the terms (if needed), it will download and then be available for clients in the specified approved group
0
 
LVL 79

Accepted Solution

by:
arnold earned 1500 total points
ID: 40550361
look at the GPMC policies that are included with SBS to see what their settings are.
One that applies sets the location where the updates are to be retrieved from
The others are settings per type server, workstation
make sure to use target to separate between types.

Use GPMC to run a Group Policy Wizard on one of the systems that you think should be getting an update, and then look at the results dealing with windows updates if set it will show you you from where it should retrieve and other parameters, if you see nothing like that, it means your WSUS are not applied/configured.
0
 

Author Comment

by:pjnutt
ID: 40550495
I am showing under applied policies for one of my local PCs:
Update Services Common Settings Policy AND
Update Services Client Computers Policy
0
 

Author Comment

by:pjnutt
ID: 40550496
Under User Configuration Summary DENIED GPO's I am seeing:
Update Services Common Policy Settting Link Location: Local Reason Denied: Empty

Could this be the issue, if so, how do I address?
0
 
LVL 79

Expert Comment

by:arnold
ID: 40550623
empty means you've not configured it.

under the Update Services Common Settings Policy you would only configure the http://yourwsusserver:8350 in the two locations. and that is it.

In the Update Services Client Computers Policy
You would configure the do not reboot when someone is loged on to avoid an update applying while someone is logged in and at the conclusion the system will auto reboot if not set.
Here you will also configure the target.
i.e. if you have servers, and workstations, you would want to distinguish the behavior such that workstation will download and install updates.
While the servers will download and prompt.
This also separates the approval process, Using one target group you will approve rules for workstations and the other for servers.  if you have the will you can create a test OU where you will place one of each type of workstations you have and have security, critical, etc. updates auto-approved for this target.  Then you would wait a week or so to make sure that an applied update does not have an adverse impact on the functionality of each system at which point you would need to approve these for the rest .
...
0
 

Author Comment

by:pjnutt
ID: 40594596
I'm not clear as to where I am supposed to enter the  http://yourwsusserver:8350 .  Any chance you could provide more step by step instructions?
0
 
LVL 79

Expert Comment

by:arnold
ID: 40595120
this is added in the GPO to configure WSUS client access.
computer configuration\advanced templates\windows components\windows update
intranet address.

you should have a c:\program files\update services\ wsusutil which is the WSUS manager.


Use the update administrative tool to see what the status of the WSUS server.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Experts-Exchange users below are the steps you can follow to upgrade your Lync server to latest CU's or cumulative updates. Note: Perform it during non-production hours.   Step 1: Backup your lync and SQL server database. Follow below article: h…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question