Solved

SBS 2008 WSUS

Posted on 2015-01-08
12
58 Views
Last Modified: 2016-02-20
I recently re-installed a server with SBS2008.  My local machines are not downloading and installing windows updates.  Can anyone point me in the right direction on the server to get my SBS server to tell the local machines it's ok to download and install updates?
0
Comment
Question by:pjnutt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 40539517
It's part of a GPO use GPMC make sure the systems are in the correct sbs group.  There should be update packages one that defines where the wsus server is and the port on which to connect and then the updates that you can apply one set.

Make sure your wsus server is set and configured

Look at the GPMC for the standard wsus update policies I think they're are four.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40539537
1,  Have you configured WSUS (added categories and classifications)?
2.  Have you synced WSUS with microsoft update?
3. Have you approved the updates that you want?
4. Does the gpo for windows updates point to your WSUS server?
5. What error message if any are the clients getting?
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40539705
By default WSUS enable in SBS - The policies are created on installation.

In the SBS Console have you done the initial synchronization? (Security Tab> Updates> Sync now - on the right)

You will need to do this.  It can take a long while for the first sync to complete because of the amount of updates.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40539950
And, run the SBS BPA and fix anything it finds.  In ADUC verify the systems are in the My Business - Computers OU.
0
 

Author Comment

by:pjnutt
ID: 40549931
I have done the synchronization.  I also checked to make sure my systems were in My Business Computers.  I also checked my schedule in the SBS Console to make sure it's scheduled to deploy and that my computers were listed.  I still have updates on my local computers that don't seem to be being picked up by my server.

Anything else I can check?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40550163
still have updates on my local computers that don't seem to be being picked up by my server.  You have to approve the update, accept the terms (if needed), it will download and then be available for clients in the specified approved group
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 40550361
look at the GPMC policies that are included with SBS to see what their settings are.
One that applies sets the location where the updates are to be retrieved from
The others are settings per type server, workstation
make sure to use target to separate between types.

Use GPMC to run a Group Policy Wizard on one of the systems that you think should be getting an update, and then look at the results dealing with windows updates if set it will show you you from where it should retrieve and other parameters, if you see nothing like that, it means your WSUS are not applied/configured.
0
 

Author Comment

by:pjnutt
ID: 40550495
I am showing under applied policies for one of my local PCs:
Update Services Common Settings Policy AND
Update Services Client Computers Policy
0
 

Author Comment

by:pjnutt
ID: 40550496
Under User Configuration Summary DENIED GPO's I am seeing:
Update Services Common Policy Settting Link Location: Local Reason Denied: Empty

Could this be the issue, if so, how do I address?
0
 
LVL 78

Expert Comment

by:arnold
ID: 40550623
empty means you've not configured it.

under the Update Services Common Settings Policy you would only configure the http://yourwsusserver:8350 in the two locations. and that is it.

In the Update Services Client Computers Policy
You would configure the do not reboot when someone is loged on to avoid an update applying while someone is logged in and at the conclusion the system will auto reboot if not set.
Here you will also configure the target.
i.e. if you have servers, and workstations, you would want to distinguish the behavior such that workstation will download and install updates.
While the servers will download and prompt.
This also separates the approval process, Using one target group you will approve rules for workstations and the other for servers.  if you have the will you can create a test OU where you will place one of each type of workstations you have and have security, critical, etc. updates auto-approved for this target.  Then you would wait a week or so to make sure that an applied update does not have an adverse impact on the functionality of each system at which point you would need to approve these for the rest .
...
0
 

Author Comment

by:pjnutt
ID: 40594596
I'm not clear as to where I am supposed to enter the  http://yourwsusserver:8350 .  Any chance you could provide more step by step instructions?
0
 
LVL 78

Expert Comment

by:arnold
ID: 40595120
this is added in the GPO to configure WSUS client access.
computer configuration\advanced templates\windows components\windows update
intranet address.

you should have a c:\program files\update services\ wsusutil which is the WSUS manager.


Use the update administrative tool to see what the status of the WSUS server.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Back in July, I blogged about how Microsoft's new server pricing model, combined with the end of the Small Business Server package, would result in significant cost increases for many small businesses (see SBS End of Life: Microsoft Punishes Small B…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question