Clients Not Updating - SBS2011 to Server 2012 R2

Posted on 2016-09-15
Last Modified: 2016-09-15
So you understand my skill level, let me preface with saying that I am a self taught administrator with little formal training besides the online MCSA training course for Windows Server 2012.  I never took the actual test.  I also work for a small business and wear many different hats, so I do not focus all of my time on IT.

Back in July of 2015 we had a company migrate us from SBS 2011 to Server 2012 R2.  We did this so that we could install the latest version of Microsoft GP.  

The Problem:
The client computers are not checking the Microsoft Update portal for updates.  Some of the computers have not been updated for more than a year.

Our previous SBS 2011 installation had WSUS installed and running.  The current Server 2012 R2 installation does NOT have WSUS installed.  My guess is that there are some artifacts left behind from SBS 2011 WSUS that may be causing the clients to not be able to update from the MS Update portal.

Ultimate Goal:
Client computers need to be able to update from Windows Update without an admin to approve updates.  We have less than 20 client computers, so I am not concerned with update issues for such few clients.  However, we do run a multiple server environment, but I want to be notified before updates are installed.   I only have a couple server instances so manually checking the updates should be a problem even without WSUS installed.

How do I isolate the problem and correct it so that the clients can update and so I can manually install updates to servers?

Thanks in advance!
Question by:Darth Chadakin
  • 2
LVL 25

Accepted Solution

DrDave242 earned 500 total points
Comment Utility
It's likely that the Group Policy object that configures clients to get updates from the now-defunct WSUS server is still around, so clients are looking only to that server for updates. To confirm this, you can run gpresult /h c:\temp\gpresult.htm on a client (substitute your own file path if you like), then open the resulting HTML file in a browser (IE will be best, because that file will use an ActiveX control).

That file will show you all of the settings being controlled by Group Policy. The WSUS settings are located here:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update

There are two specific settings to look at: Configure Automatic Updates and Specify intranet Microsoft Update location. The former setting controls things like whether the clients will automatically download and/or install updates, and if so, what time this will happen. Setting it to "Not Configured" will allow users to control these settings on their own machines. The latter setting is more important in your case, as it tells the clients where to find a WSUS server. If you set it to "Not Configured," clients will get updates from Microsoft rather than a WSUS server.

The HTML file will show you which GPO is controlling these settings. Use the Group Policy Management Console to modify that GPO. You can then run gpupdate /force on a client to manually refresh its Group Policy settings, or you can just wait for the refresh to happen automaticaly.

Author Comment

by:Darth Chadakin
Comment Utility
Thanks for your response!

Making the adjustments now.  I will let you know how it goes!

Author Closing Comment

by:Darth Chadakin
Comment Utility
Thanks for the help!

One note for other users that find the same issue, I did have to create the temp folder because I did not have one created already.  The run command would fail otherwise.

The report was extremely helpful.  It was also helpful in finding other GPO related issues that we had going on as well.

Thanks again!

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now