Clients Not Updating - SBS2011 to Server 2012 R2

So you understand my skill level, let me preface with saying that I am a self taught administrator with little formal training besides the online MCSA training course for Windows Server 2012.  I never took the actual test.  I also work for a small business and wear many different hats, so I do not focus all of my time on IT.

Back in July of 2015 we had a company migrate us from SBS 2011 to Server 2012 R2.  We did this so that we could install the latest version of Microsoft GP.  

The Problem:
The client computers are not checking the Microsoft Update portal for updates.  Some of the computers have not been updated for more than a year.

Our previous SBS 2011 installation had WSUS installed and running.  The current Server 2012 R2 installation does NOT have WSUS installed.  My guess is that there are some artifacts left behind from SBS 2011 WSUS that may be causing the clients to not be able to update from the MS Update portal.

Ultimate Goal:
Client computers need to be able to update from Windows Update without an admin to approve updates.  We have less than 20 client computers, so I am not concerned with update issues for such few clients.  However, we do run a multiple server environment, but I want to be notified before updates are installed.   I only have a couple server instances so manually checking the updates should be a problem even without WSUS installed.

How do I isolate the problem and correct it so that the clients can update and so I can manually install updates to servers?

Thanks in advance!
Darth ChadakinJourneymanAsked:
Who is Participating?
DrDave242Connect With a Mentor Commented:
It's likely that the Group Policy object that configures clients to get updates from the now-defunct WSUS server is still around, so clients are looking only to that server for updates. To confirm this, you can run gpresult /h c:\temp\gpresult.htm on a client (substitute your own file path if you like), then open the resulting HTML file in a browser (IE will be best, because that file will use an ActiveX control).

That file will show you all of the settings being controlled by Group Policy. The WSUS settings are located here:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update

There are two specific settings to look at: Configure Automatic Updates and Specify intranet Microsoft Update location. The former setting controls things like whether the clients will automatically download and/or install updates, and if so, what time this will happen. Setting it to "Not Configured" will allow users to control these settings on their own machines. The latter setting is more important in your case, as it tells the clients where to find a WSUS server. If you set it to "Not Configured," clients will get updates from Microsoft rather than a WSUS server.

The HTML file will show you which GPO is controlling these settings. Use the Group Policy Management Console to modify that GPO. You can then run gpupdate /force on a client to manually refresh its Group Policy settings, or you can just wait for the refresh to happen automaticaly.
Darth ChadakinJourneymanAuthor Commented:
Thanks for your response!

Making the adjustments now.  I will let you know how it goes!
Darth ChadakinJourneymanAuthor Commented:
Thanks for the help!

One note for other users that find the same issue, I did have to create the temp folder because I did not have one created already.  The run command would fail otherwise.

The report was extremely helpful.  It was also helpful in finding other GPO related issues that we had going on as well.

Thanks again!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.