swenger7
asked on
WSUS on Windows 2012
I have a Windows 2008 R2 server which has been running the WSUS Role for several years and I have not had a problem in the past with any of my clients. I setup 2 RDP/ Citrix Servers with Windows 2012 in the beginning of the year. WSUS seemed to have worked initially but the last update was April. Since then it tells me that there are updates when I log in but when I go to the Wndows Update screen, it won’t give me the option to update because it says the settings are managed by my system (through GP and WSUS). I pushed the WSUS settings with GPO. I had a similar problem with my third 2012 server which wasn’t RDP / Citrix. I removed that one from the OU so it doesn't get the GP for WSUS and I am now able to manually run updates. I ran RSOP on the first 2 servers, but can’t see anything that would block the WSUS. Not sure why I would only have an issue with 2012 servers.
ASKER
Actually they show as not reported in almost a year. There is a Firewall exception for that port. What else could be stopping them?
is the firewall port correct? by default 2012 uses port 8530 (8531 for ssl)
is the URL in the GPO correct (specify intranet location) ?
is the URL in the GPO correct (specify intranet location) ?
ASKER
Yes to both. See attached screenshots. I always have only added Firewall rules for Inbound. Never seemed the need for Outbound. Correct me if this is wrong with WSUS
Registry.JPG
Firewall.JPG
Registry.JPG
Firewall.JPG
when you run windows update, what happens? does it give an error?
what if you did http://192.168.1.28:8530/iuident.cab in a browser? does it download a cab file?
what if you did http://192.168.1.28:8530/iuident.cab in a browser? does it download a cab file?
ASKER
The file does download.
When I go to windows update, I have attached the first screenshot. When I click on the "Check for Updates" on the side I get the second screen shot.
Update.JPG
check.JPG
When I go to windows update, I have attached the first screenshot. When I click on the "Check for Updates" on the side I get the second screen shot.
Update.JPG
check.JPG
ok...so we ruled out communication problems; appears to be how the GPO is configured for that OU
what settings are configured when you run rsop?
what settings are configured when you run rsop?
ASKER
Attached screenshot
GP.JPG
GP.JPG
If you are logged on as administrator you should be look something like this:
Please, run the following comand on any failling server and send the resulting HTM file in order to make a deeper analysis of your group policy setting for that specific server.
GPResult /h MyGPSettings.htm
Please, run the following comand on any failling server and send the resulting HTM file in order to make a deeper analysis of your group policy setting for that specific server.
GPResult /h MyGPSettings.htm
ASKER
Here are the results
GPresults.pdf
GPresults.pdf
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There is only one thing that may be something to do with: On "Citrix Servers" GPO check the "Remove links and access to Windows Update" setting. Just try to disable it and see what happens.
The above fixed the problem. I can now manually run the update. I still don't know what changed in 2012 whereas the same GPO in 2008 notified me that there was updates available and it allowed me to install even the above change.
The above fixed the problem. I can now manually run the update. I still don't know what changed in 2012 whereas the same GPO in 2008 notified me that there was updates available and it allowed me to install even the above change.
have any updates been approved for that computer group since april?