WSUS on Server 2016 not showing any Windows 10 or 2016 updates needed
WSUS on Server 2016 not showing any Windows updates available for Windows 10 systems: I've read the EE thread with this title. The OP abandoned the question (and abandoned WSUS) without a resolution. I'm having the exact same problem. I've searched and searched for several weeks without finding a solution. I found a long series of posts on the exact same issue on another tech community site which has no resolution either. Here's the deal:
I have WSUS installed on a Windows 2016 server. This is a 2016 Standard domain that was migrated from an old SBS2008 domain. It's been up and running successfully for nearly a year. The domain consists of two 2016 servers (one DC and one RDS, both v1607), one Windows 2008 R2 server running SQL 2008, five Win7 workstations and eight Win10 workstations (6 are v1703 and 2 were upgraded to v1709). The original WSUS database was on the Win2008R2 server. At the end of the migration I moved it to the 2016 RDS server. It was working fine for about 7 or 8 months. All of a sudden (I assume it was probably some update that caused it), WSUS stopped working for all of the servers (including the 2008R2 server) and all of the Windows 10 workstations. It would download the required updates but all updates (except for Office and Win7) showed as not needed ("Needed" column = 0).
After a number of tries to repair WSUS, I decided to move it to the Win2016 DC. This was a fresh install, not a migration, and is where it's now installed. That did resolve the issue with the Win2008R2 server. So, now all of the updates for Office, Win7 and Win2008R2 can be approved and installed through WSUS. ALL of the Win2016 and Win10 updates, including Feature upgrades, are in the database but show as not needed. My WSUS settings are slightly different for workstations and servers, but only to the extent of the settings for when to download and install (see graphic below). Workstations are set to download and install at a specific time, servers are set to download but not install (I install and restart them manually). Also, the Delay Optimization mode is set to Simple (99).
What I've tried: I've tried removing the servers from WSUS and re-adding them. They show up again but still behave the same way. I've tried setting the 2016 servers to update from the Internet, and that works. I tried deleting the SoftwareDistribution and catroot2 folders from one of the servers and that didn't fix the problem. I've checked and the servers have the QualityCompat regkey in place. I've also check the BranchDistribution key, and it's not there at all. I'm pretty sure there's other random stuff I've tried, but I can't think of all of it now.
Any thoughts or suggestions?
I have WSUS installed on a Windows 2016 server. This is a 2016 Standard domain that was migrated from an old SBS2008 domain. It's been up and running successfully for nearly a year. The domain consists of two 2016 servers (one DC and one RDS, both v1607), one Windows 2008 R2 server running SQL 2008, five Win7 workstations and eight Win10 workstations (6 are v1703 and 2 were upgraded to v1709). The original WSUS database was on the Win2008R2 server. At the end of the migration I moved it to the 2016 RDS server. It was working fine for about 7 or 8 months. All of a sudden (I assume it was probably some update that caused it), WSUS stopped working for all of the servers (including the 2008R2 server) and all of the Windows 10 workstations. It would download the required updates but all updates (except for Office and Win7) showed as not needed ("Needed" column = 0).
After a number of tries to repair WSUS, I decided to move it to the Win2016 DC. This was a fresh install, not a migration, and is where it's now installed. That did resolve the issue with the Win2008R2 server. So, now all of the updates for Office, Win7 and Win2008R2 can be approved and installed through WSUS. ALL of the Win2016 and Win10 updates, including Feature upgrades, are in the database but show as not needed. My WSUS settings are slightly different for workstations and servers, but only to the extent of the settings for when to download and install (see graphic below). Workstations are set to download and install at a specific time, servers are set to download but not install (I install and restart them manually). Also, the Delay Optimization mode is set to Simple (99).
What I've tried: I've tried removing the servers from WSUS and re-adding them. They show up again but still behave the same way. I've tried setting the 2016 servers to update from the Internet, and that works. I tried deleting the SoftwareDistribution and catroot2 folders from one of the servers and that didn't fix the problem. I've checked and the servers have the QualityCompat regkey in place. I've also check the BranchDistribution key, and it's not there at all. I'm pretty sure there's other random stuff I've tried, but I can't think of all of it now.
Any thoughts or suggestions?
ASKER
I appreciate your efforts to answer my question, Peter, however your suggestions show that you haven't read my post carefully and completely. I've set up many WSUS servers and of course have covered all of the items mentioned in your post. Your suggestions are at a very basic level, while my question clearly shows an advanced level of familiarity with WSUS and an advanced level of understanding required to help resolve this issue.
Regarding your comment on installing WSUS on a DC, it has value for a large organization. However, there are only 15 users at this office, and the workstations are set to contact the server only every 4 hours, so I doubt that it could seriously impact user authentication on the DC.
Regarding your comment on installing WSUS on a DC, it has value for a large organization. However, there are only 15 users at this office, and the workstations are set to contact the server only every 4 hours, so I doubt that it could seriously impact user authentication on the DC.
What about GPO settings, have the following settings been updated on the GPO and have the PCs picked up the new settings to look at the new WSUS server: Configure Automatic updates, Specify intranet Microsoft update service location ?
Also, have you tried forcing the PCs to detect new updates. As the information may take a while to filter to the wsus server to detect new updates?
Also, have you tried forcing the PCs to detect new updates. As the information may take a while to filter to the wsus server to detect new updates?
ASKER
It's been about 2 weeks since I changed over to the new server. I know you can't see all of the details on my GPO list above, but yes, all of the configuration settings are there pointing to the new server, etc. Also, all of the PCs and servers are connected to the new WSUS server and are checking in regularly. So, part of the mystery is...does the problem lie with the WSUS server or with the clients? The WSUS server is detecting the updates and listing them as available. However, all of these updates (Win2016 and Win10) show as not needed in the database. So, despite the fact that the machines are checking in, they never receive any updates. The only way to see the updates in the database is to list "Unapproved" or "Any except declined" for Approval and "Any" for Status in the WSUS console. The updates never show up as needed for installation so approving them is a useless exercise.
ASKER
This issue was eventually solved by implementing various changes. I wasn't able to get the Win2016 servers to use WSUS to update and set them to Manual. This was no big problem as there are only 2 of them. I tried many various things and unfortunately, since it's been some time ago, don't remember exactly what solved the issue.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In the Products list , make sure Windows 10 is ticked, on the Classification tab, make sure Security Updates is enabled and any other type type s of updates you want to deploy. You also need to Set Update files and Languages to match the language of Windows installed.
Then you need to set the Update Source e.g. Microsoft, and optionally a proxy server (if behind one), and set a Sync Schedule to regulary check for new updates.
Click on Synchronization and start a sync and hopefully all the updates are fetched.
BTW, installing WSUS on a DC is not a good idea as WSUS will use a lot of n/w bandwidth and will slow down user authenication to the DC.