Windows Update Software: Why Isn't It Being Deployed on WSUS?

Windows Small Business Server 2008 with mostly Windows 7 workstation environment.

Until about a month ago, I was unaware of “Windows Update software.” It kind of creeps up on you if you trip over it by calling for manual updates. When you’re a server administrator and have your updates generally automatically downloaded and chosen when to install. Thus begins the genesis of this whole chapter of perplexity surrounding this Update Software.

As a WSUS manager for our servers, I habitually check the server for updates manually because I don’t have faith automatic downloading works efficiently nor reliably. Too often, I find the server gathers updates that are not being found in WSUS, which is suppose to deploy updates to workstations and the SBS.

Well, it doesn’t.

This goes for about 25 of our servers. I check for manual updates, and surprisingly, there’s new Windows Update software (7.6) – that is not downloading automatically when it’s configured to do so. Why would I want to chose if there’s security updates that ensue? Furthermore, if I have updates set to download automatically, why isn’t it?
After a brief wait, the screen reloads and there’s anywhere between about 70 to 500MB of updates waiting. Even more baffling, I’m finding after doing this Update software on the server, it’s still not showing up in WSUS to deploy to workstations. As a result, I have to update each workstation because WSUS won’t deploy the software.

I have issues all the live long day with WSUS: it’s an oddity and just can’t trust it to work properly. I see many updates being deployed but now I’m finding without this latest software, critical and important updates are being withheld. This is infuriating – what’s the point of WSUS if I have to visit each machine because it’s not properly sending what I would consider a critical update. May I also note, some of these machines claim Windows Is Up To Date, but when you check, I’ve found updates needed.

I’ve reinstalled and reconfigured settings and still, I’m finding WSUS is not deploying this “Update software” without doing so manually.

Is there some kind of KB Windows Update Software adheres to?

Can anyone provide more information on the Windows Update Software and why it doesn’t just download or at least make itself more aware without pulling teeth on Windows Update “check online for newest software”?

Is this typical and why aren’t these critical updates being deployed?
BBraytonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DonNetwork AdministratorCommented:
Updates will not deploy until they are approved.

Are you approving updates in WSUS ??

Do you have any auto approval rules set ??

Do you have all the products and classifications that pertain to your environment selected ??

Take a look at the Best Practices

https://technet.microsoft.com/en-us/library/cc720525%28v=ws.10%29.aspx

Approving Updates

https://technet.microsoft.com/en-us/library/cc708475%28v=ws.10%29.aspx
0
BBraytonAuthor Commented:
Yep. I'm not only approving updates "Failed or Needed" but also Unapproved/Any ones as well. Here's a screenshot of a different one of our servers with this similar problem.

Update source > Sync from Microsoft

All products and classifications checked.

There's nothing in Unapproved/Failed or Needed/Any.

Yet, here's a workstation that does not have the latest software.

Found 57 updates. I had to restart the computer before downloading anything. Computer back up, now "everything's up to date". Check again? 57 updates are back.

Make note of when updates were checked.Updatesoft.JPG
0
DonNetwork AdministratorCommented:
On that same workstation what is the result from command prompt ??

Reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

DonNetwork AdministratorCommented:
Also do you have this update installed on your WSUS server ??

http://support.microsoft.com/kb/2828185
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BBraytonAuthor Commented:
dstewartjr: I applied that patch and no difference, restarted the server last night and allowed it to run its course. Finding even more machines that don't have the Windows Update software up to date. Can anybody at least confirm the KB number or anything to show me this is a deployed update. This is happening on multiple if not all of our SBS and S2008.
0
DonNetwork AdministratorCommented:
Again

On that same workstation what is the result from command prompt ??

Reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
0
BBraytonAuthor Commented:
Here's the result.

WVServer REG_SZ
WVStatusServer REG_SZ      "ServerAddress":8530
ElevateNonAdmins REG_DWORD 0x1      "ServerAddress":8530

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate AU

I may have solved the issue with a few patches, including the one you've suggested. However, there's a newer definition available. When I checked a machine I had left without manually updating the WUA, it appears the patch pushed it out automatically to the workstations needed.

WSUSPatch274.JPG
The only remaining question is why weren't these critical WSUS patches applied automatically. Why did I have to go hunting for them? This is even after I reinstalled WSUS from the source (Microsoft). Microsoft's WSUS site is terrible, they really ought to post a complete package with these patches as its a massive security issue. These patches should downloading as a needed update on all systems with WSUS installed.
0
BBraytonAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for BBrayton's comment #a40658861

for the following reason:

Found newer New Patch that fixed the issue
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.