Solved

SBS 2008 WSUS

Posted on 2015-01-08
12
54 Views
Last Modified: 2016-02-20
I recently re-installed a server with SBS2008.  My local machines are not downloading and installing windows updates.  Can anyone point me in the right direction on the server to get my SBS server to tell the local machines it's ok to download and install updates?
0
Comment
Question by:pjnutt
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 40539517
It's part of a GPO use GPMC make sure the systems are in the correct sbs group.  There should be update packages one that defines where the wsus server is and the port on which to connect and then the updates that you can apply one set.

Make sure your wsus server is set and configured

Look at the GPMC for the standard wsus update policies I think they're are four.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40539537
1,  Have you configured WSUS (added categories and classifications)?
2.  Have you synced WSUS with microsoft update?
3. Have you approved the updates that you want?
4. Does the gpo for windows updates point to your WSUS server?
5. What error message if any are the clients getting?
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40539705
By default WSUS enable in SBS - The policies are created on installation.

In the SBS Console have you done the initial synchronization? (Security Tab> Updates> Sync now - on the right)

You will need to do this.  It can take a long while for the first sync to complete because of the amount of updates.
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40539950
And, run the SBS BPA and fix anything it finds.  In ADUC verify the systems are in the My Business - Computers OU.
0
 

Author Comment

by:pjnutt
ID: 40549931
I have done the synchronization.  I also checked to make sure my systems were in My Business Computers.  I also checked my schedule in the SBS Console to make sure it's scheduled to deploy and that my computers were listed.  I still have updates on my local computers that don't seem to be being picked up by my server.

Anything else I can check?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40550163
still have updates on my local computers that don't seem to be being picked up by my server.  You have to approve the update, accept the terms (if needed), it will download and then be available for clients in the specified approved group
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 40550361
look at the GPMC policies that are included with SBS to see what their settings are.
One that applies sets the location where the updates are to be retrieved from
The others are settings per type server, workstation
make sure to use target to separate between types.

Use GPMC to run a Group Policy Wizard on one of the systems that you think should be getting an update, and then look at the results dealing with windows updates if set it will show you you from where it should retrieve and other parameters, if you see nothing like that, it means your WSUS are not applied/configured.
0
 

Author Comment

by:pjnutt
ID: 40550495
I am showing under applied policies for one of my local PCs:
Update Services Common Settings Policy AND
Update Services Client Computers Policy
0
 

Author Comment

by:pjnutt
ID: 40550496
Under User Configuration Summary DENIED GPO's I am seeing:
Update Services Common Policy Settting Link Location: Local Reason Denied: Empty

Could this be the issue, if so, how do I address?
0
 
LVL 76

Expert Comment

by:arnold
ID: 40550623
empty means you've not configured it.

under the Update Services Common Settings Policy you would only configure the http://yourwsusserver:8350 in the two locations. and that is it.

In the Update Services Client Computers Policy
You would configure the do not reboot when someone is loged on to avoid an update applying while someone is logged in and at the conclusion the system will auto reboot if not set.
Here you will also configure the target.
i.e. if you have servers, and workstations, you would want to distinguish the behavior such that workstation will download and install updates.
While the servers will download and prompt.
This also separates the approval process, Using one target group you will approve rules for workstations and the other for servers.  if you have the will you can create a test OU where you will place one of each type of workstations you have and have security, critical, etc. updates auto-approved for this target.  Then you would wait a week or so to make sure that an applied update does not have an adverse impact on the functionality of each system at which point you would need to approve these for the rest .
...
0
 

Author Comment

by:pjnutt
ID: 40594596
I'm not clear as to where I am supposed to enter the  http://yourwsusserver:8350 .  Any chance you could provide more step by step instructions?
0
 
LVL 76

Expert Comment

by:arnold
ID: 40595120
this is added in the GPO to configure WSUS client access.
computer configuration\advanced templates\windows components\windows update
intranet address.

you should have a c:\program files\update services\ wsusutil which is the WSUS manager.


Use the update administrative tool to see what the status of the WSUS server.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now