Posted on 2015-01-08
Last Modified: 2016-02-20
I recently re-installed a server with SBS2008.  My local machines are not downloading and installing windows updates.  Can anyone point me in the right direction on the server to get my SBS server to tell the local machines it's ok to download and install updates?
Question by:pjnutt
  • 4
  • 4
  • 2
  • +2
LVL 77

Expert Comment

ID: 40539517
It's part of a GPO use GPMC make sure the systems are in the correct sbs group.  There should be update packages one that defines where the wsus server is and the port on which to connect and then the updates that you can apply one set.

Make sure your wsus server is set and configured

Look at the GPMC for the standard wsus update policies I think they're are four.
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40539537
1,  Have you configured WSUS (added categories and classifications)?
2.  Have you synced WSUS with microsoft update?
3. Have you approved the updates that you want?
4. Does the gpo for windows updates point to your WSUS server?
5. What error message if any are the clients getting?
LVL 22

Expert Comment

by:David Atkin
ID: 40539705
By default WSUS enable in SBS - The policies are created on installation.

In the SBS Console have you done the initial synchronization? (Security Tab> Updates> Sync now - on the right)

You will need to do this.  It can take a long while for the first sync to complete because of the amount of updates.
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40539950
And, run the SBS BPA and fix anything it finds.  In ADUC verify the systems are in the My Business - Computers OU.

Author Comment

ID: 40549931
I have done the synchronization.  I also checked to make sure my systems were in My Business Computers.  I also checked my schedule in the SBS Console to make sure it's scheduled to deploy and that my computers were listed.  I still have updates on my local computers that don't seem to be being picked up by my server.

Anything else I can check?
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40550163
still have updates on my local computers that don't seem to be being picked up by my server.  You have to approve the update, accept the terms (if needed), it will download and then be available for clients in the specified approved group
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

LVL 77

Accepted Solution

arnold earned 500 total points
ID: 40550361
look at the GPMC policies that are included with SBS to see what their settings are.
One that applies sets the location where the updates are to be retrieved from
The others are settings per type server, workstation
make sure to use target to separate between types.

Use GPMC to run a Group Policy Wizard on one of the systems that you think should be getting an update, and then look at the results dealing with windows updates if set it will show you you from where it should retrieve and other parameters, if you see nothing like that, it means your WSUS are not applied/configured.

Author Comment

ID: 40550495
I am showing under applied policies for one of my local PCs:
Update Services Common Settings Policy AND
Update Services Client Computers Policy

Author Comment

ID: 40550496
Under User Configuration Summary DENIED GPO's I am seeing:
Update Services Common Policy Settting Link Location: Local Reason Denied: Empty

Could this be the issue, if so, how do I address?
LVL 77

Expert Comment

ID: 40550623
empty means you've not configured it.

under the Update Services Common Settings Policy you would only configure the http://yourwsusserver:8350 in the two locations. and that is it.

In the Update Services Client Computers Policy
You would configure the do not reboot when someone is loged on to avoid an update applying while someone is logged in and at the conclusion the system will auto reboot if not set.
Here you will also configure the target.
i.e. if you have servers, and workstations, you would want to distinguish the behavior such that workstation will download and install updates.
While the servers will download and prompt.
This also separates the approval process, Using one target group you will approve rules for workstations and the other for servers.  if you have the will you can create a test OU where you will place one of each type of workstations you have and have security, critical, etc. updates auto-approved for this target.  Then you would wait a week or so to make sure that an applied update does not have an adverse impact on the functionality of each system at which point you would need to approve these for the rest .

Author Comment

ID: 40594596
I'm not clear as to where I am supposed to enter the  http://yourwsusserver:8350 .  Any chance you could provide more step by step instructions?
LVL 77

Expert Comment

ID: 40595120
this is added in the GPO to configure WSUS client access.
computer configuration\advanced templates\windows components\windows update
intranet address.

you should have a c:\program files\update services\ wsusutil which is the WSUS manager.

Use the update administrative tool to see what the status of the WSUS server.

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Trying to create a report out of AD 2008 2 29
Server 2008 R2 Datacenter Repair OS 20 47
How to do advance search in Windows 2008? 11 38
Win 10 1607 and WSUS 6.3 4 41
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Experts-Exchange users below are the steps you can follow to upgrade your Lync server to latest CU's or cumulative updates. Note: Perform it during non-production hours.   Step 1: Backup your lync and SQL server database. Follow below article: h…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now