WSUS 2012 Server, clients not reporting status.

Hi everyone, we are having issues with our clients not being able to receive updates from the WSUS (6.2.9200.16384). Only about 1/3 of our computers are listed in the WSUS console, of those, only a couple have reported within the last few days, the others haven't reported in weeks/months. We have done all the wuauclt /reportnow and /detectnow commands ad nauseam to no effect.

When I check the windowsupdate.log on a computer, it's making log files from the current time, but when I check the WSUS console on the server it says that it hasn't heard from this specific computer in 22 days. I will add that this WSUS server has never worked properly, it's been an ongoing project that has seen multiple delays. So while it's been up for about a year, we haven't really paid it much attention until the last few weeks.

I will try to answer all questions that are asked, most grateful for any assistance we could get.
admin1m Asked:

cshepfam Commented:
When you created the WSUS server, did you add a group policy that points to the WSUS server so that all clients in the domain will pull updates only from that server?
0
Chris Commented:
The policy in question is Computer Config\Admin Templates\Windows Components\Windows Update\Specify Intranet Microsoft Update Service Location.
0
admin1m (Author) Commented:
Hi, guys, I'm not sure what you are asking. We have a group policy with all the computers that we want included in it. The local computers are pointing towards our wsus server (WUServer and WUStatusServer). computer\hkey_local_machine\software\policies\microsoft\windows\windowsupdate
0
Seth Simmons (Sr. Systems Administrator) Commented:
When you run Windows Update manually on one of those clients, what does it do?
I would expect an error to be returned - might start with that.
On the other hand, if WSUS hasn't been working right and you are having other issues, might look into tearing it down and rebuilding.
0
admin1m (Author) Commented:
I've noticed that I get different errors, 80240034, 8024401f, 8024401c are a few that I've seen on the different clients.
0
Riaan Smith (Network Administrator) Commented:
This might be a dumb comment, but have you made sure that your computers are pointing to the correct TCP port? (8530 by default if I'm not mistaken?)

Also, why don't you create a GPO, and set the update location in it - you can also set download parameters and client side targeting if you want WSUS to automatically "sort" your hosts?

One more thing - have you run a packet capture on one of the problematic hosts and ensured that it's establishing a connection during an update attempt, and where it's establishing the connection to?
0
admin1m (Author) Commented:
Hi Riaan, thanks for the reply. The computers are all pointing towards the WSUS with the correct port, 8530 as you mentioned.

We have created a GPO, but I'm a bit unsure of what you mean by setting the update location in it. Do you have any resources you can point me towards, or perhaps explain a bit more. I'm sorry, this is all very new to me and my experience is quite limited.

What capture package would you suggest we use?

Thanks for the help.
0
Riaan Smith (Network Administrator) Commented:
Hi Admin1m,

In your GPO that you have created for the WSUS, browse to:

Computer Configuration | Policies | Administrative Templates | Windows Components | Windows Update

Set the "Specify intranet Microsoft Update service location" setting to "Enabled".
Set both "Set the intranet update service for detecting updates" and "Set the intranet statistics server" setting to your wsus server, including the port. For example "http://wsus.domain.local:8530"

Be sure to also set "Configure Automatic Updates" to "enabled", and specify your detection frequency and time settings in that policy.

For packet capture I very frequently use Wireshark, set a capture filter for "port 8530 and host {the host's IP address}" (a decent example of a capture filter: "host 10.1.1.36 and port 8530") - that will allow you to see all the communication between your PC you are troubleshooting and the WSUS server. Doing that allows you to very quickly identify if there are communication problems between the two, if the TCP sessions are properly establishing, if there is packet loss...

Have a look at this link, maybe it will also be of some help?

http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
0
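
The GPO check and the connectivity check described in the answer above can be run together on an affected client. This PowerShell function is an added example, not code from the thread: it reads the WUServer and WUStatusServer values the asker mentions, plus the AU\UseWUServer value (not mentioned in the thread), and `Test-WsusClientPolicy` is a hypothetical name.

```powershell
# Added example: audit the WSUS client policy on the computer it runs on.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Test-WsusClientPolicy {
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
    if (-not $wu -or -not $wu.WUServer) {
        return 'WUServer is not set: the WSUS GPO is not applied here.'
    }
    $findings = @()
    if ($wu.WUServer -ne $wu.WUStatusServer) {
        $findings += "WUServer '$($wu.WUServer)' and WUStatusServer '$($wu.WUStatusServer)' differ."
    }
    if (-not $au -or $au.UseWUServer -ne 1) {
        $findings += 'AU\UseWUServer is not 1, so the client ignores WUServer.'
    }
    # Parse the URL so the port that is actually configured gets tested.
    $uri = $null
    if (-not [Uri]::TryCreate($wu.WUServer, [UriKind]::Absolute, [ref]$uri)) {
        return $findings + "WUServer '$($wu.WUServer)' is not a valid URL."
    }
    if ($uri.IsDefaultPort) {
        $findings += "No explicit port in '$($wu.WUServer)'; the client will use $($uri.Port), not 8530."
    }
    if ($uri.Scheme -eq 'http') {
        Write-Warning 'WSUS traffic to this server is plain HTTP, not TLS.'
    }
    # Same question the packet capture answers: does a TCP session establish?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $tcp.BeginConnect($uri.Host, $uri.Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne(3000)) {
            $tcp.EndConnect($pending)   # throws if the connection was refused
        } else {
            $findings += "Timed out connecting to $($uri.Host):$($uri.Port)."
        }
    } catch {
        $findings += "Cannot connect to $($uri.Host):$($uri.Port): $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
    if ($findings.Count -eq 0) { return "OK: policy points at $($wu.WUServer) and the port answers." }
    return $findings
}

Test-WsusClientPolicy
```

A clean result here only shows that the policy and the TCP path are in place; it does not show that the client's reports are being accepted by the server.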

Riaan Smith (Network Administrator) Commented:
The link I sent you is pretty much exactly what my configuration looks like, except I didn't use "Client Side Targeting", and it works very very well.
0
admin1m (Author) Commented:
Hi again Riaan,

Thanks for the great response, the GPO had been configured correctly. And the settings were configured as you explained. I will try to go through the link you so helpfully posted and see if there is something I can pick up from there.

I will also be trying Wireshark to see if I can get some additional information. I will post my findings, thanks again for the help.
0
admin1m (Author) Commented:
I haven't been able to find any differences from the link you posted and what I have set up here. Are you running 2012 or 2012 R2? I've read about some potential issues with 2012, have any of you heard about any potential issues?
0
Riaan Smith (Network Administrator) Commented:
Hi admin1m,

I'm running WSUS on Server 2012R2, so not aware of any issues with 2012. If all else fails, maybe your best bet would be to remove WSUS completely and start fresh?

Have you been able to confirm that your clients that are not reporting to WSUS are in actual fact trying to contact the server in the first place using Wireshark? It would be horrible if you reload WSUS from scratch just to find the problem was not on the server in the first place?
0
admin1m (Author) Commented:
Hi Riaan, I took your advice and ended up trying to track the packets. Seems that everything was in place. I made a bit of progress by not storing any updates locally and instead getting them through MS. I changed it back and it seems to have worked somewhat. A new issue I'm having now though is that the windows update service on the server keeps stopping itself. Seems like once or twice an hour and I have to manually restart it. It's set to automatically start with a delay. Not sure what's going on.
0
Riaan Smith (Network Administrator) Commented:
Hi admin1m,

That's good, and bad news :-)

I've seen the Update Service stopping problem once before on SBS2011 - this isn't perhaps SBS 2011 you're running on?

What account does your service use to log on with?
0
admin1m (Author) Commented:
It's a local admin account and it's a 2012 server installation. I think the server was run as something else previously, so it's not a clean install. I'm wondering if there might be some ghosts from the past roaming about :)
0
Riaan Smith (Network Administrator) Commented:
Have you been through your event logs to see what may cause the service to stop?
0
Riaan Smith (Network Administrator) Commented:
I quickly had a look, my "WSUS Service" uses "Network Service" to log on, and "Windows Update" uses "Local System". Windows Update service is configured with a startup type of "Manual (Trigger Start)" and WSUS Service with "Automatic".
0
admin1m (Author) Commented:
Hi again, apologies for the delayed response. I haven't been able to find any error messages pertaining to the turning off of the service in the logs, and my services are configured the same as yours Riaan.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.