Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SBS 2008 WSUS

Posted on 2015-01-08
12
Medium Priority
?
66 Views
Last Modified: 2016-02-20
I recently re-installed a server with SBS2008.  My local machines are not downloading and installing windows updates.  Can anyone point me in the right direction on the server to get my SBS server to tell the local machines it's ok to download and install updates?
0
Comment
Question by:pjnutt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 40539517
It's part of a GPO use GPMC make sure the systems are in the correct sbs group.  There should be update packages one that defines where the wsus server is and the port on which to connect and then the updates that you can apply one set.

Make sure your wsus server is set and configured

Look at the GPMC for the standard wsus update policies I think they're are four.
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40539537
1,  Have you configured WSUS (added categories and classifications)?
2.  Have you synced WSUS with microsoft update?
3. Have you approved the updates that you want?
4. Does the gpo for windows updates point to your WSUS server?
5. What error message if any are the clients getting?
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40539705
By default WSUS enable in SBS - The policies are created on installation.

In the SBS Console have you done the initial synchronization? (Security Tab> Updates> Sync now - on the right)

You will need to do this.  It can take a long while for the first sync to complete because of the amount of updates.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40539950
And, run the SBS BPA and fix anything it finds.  In ADUC verify the systems are in the My Business - Computers OU.
0
 

Author Comment

by:pjnutt
ID: 40549931
I have done the synchronization.  I also checked to make sure my systems were in My Business Computers.  I also checked my schedule in the SBS Console to make sure it's scheduled to deploy and that my computers were listed.  I still have updates on my local computers that don't seem to be being picked up by my server.

Anything else I can check?
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40550163
still have updates on my local computers that don't seem to be being picked up by my server.  You have to approve the update, accept the terms (if needed), it will download and then be available for clients in the specified approved group
0
 
LVL 80

Accepted Solution

by:
arnold earned 1500 total points
ID: 40550361
look at the GPMC policies that are included with SBS to see what their settings are.
One that applies sets the location where the updates are to be retrieved from
The others are settings per type server, workstation
make sure to use target to separate between types.

Use GPMC to run a Group Policy Wizard on one of the systems that you think should be getting an update, and then look at the results dealing with windows updates if set it will show you you from where it should retrieve and other parameters, if you see nothing like that, it means your WSUS are not applied/configured.
0
 

Author Comment

by:pjnutt
ID: 40550495
I am showing under applied policies for one of my local PCs:
Update Services Common Settings Policy AND
Update Services Client Computers Policy
0
 

Author Comment

by:pjnutt
ID: 40550496
Under User Configuration Summary DENIED GPO's I am seeing:
Update Services Common Policy Settting Link Location: Local Reason Denied: Empty

Could this be the issue, if so, how do I address?
0
 
LVL 80

Expert Comment

by:arnold
ID: 40550623
empty means you've not configured it.

under the Update Services Common Settings Policy you would only configure the http://yourwsusserver:8350 in the two locations. and that is it.

In the Update Services Client Computers Policy
You would configure the do not reboot when someone is loged on to avoid an update applying while someone is logged in and at the conclusion the system will auto reboot if not set.
Here you will also configure the target.
i.e. if you have servers, and workstations, you would want to distinguish the behavior such that workstation will download and install updates.
While the servers will download and prompt.
This also separates the approval process, Using one target group you will approve rules for workstations and the other for servers.  if you have the will you can create a test OU where you will place one of each type of workstations you have and have security, critical, etc. updates auto-approved for this target.  Then you would wait a week or so to make sure that an applied update does not have an adverse impact on the functionality of each system at which point you would need to approve these for the rest .
...
0
 

Author Comment

by:pjnutt
ID: 40594596
I'm not clear as to where I am supposed to enter the  http://yourwsusserver:8350 .  Any chance you could provide more step by step instructions?
0
 
LVL 80

Expert Comment

by:arnold
ID: 40595120
this is added in the GPO to configure WSUS client access.
computer configuration\advanced templates\windows components\windows update
intranet address.

you should have a c:\program files\update services\ wsusutil which is the WSUS manager.


Use the update administrative tool to see what the status of the WSUS server.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question