WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Our WSUS for some reason only goes up "Feature Update to Windows 10 Enterprise, version 1703"
We need to deploy windows 10 1809 feature update across domain, we're at a lose as to why our WSUS doesn't download the newer feature updates.  We've confirmed the classifications\products are set correctly.
0
I have several server core installs that are not contacting our WSUS server despite manually adding these WSUS registry keys :

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ElevateNonAdmins"=dword:00000000
"TargetGroup"="Servers"
"TargetGroupEnabled"=dword:00000001
"WUServer"="<mywsus server>"
"WUStatusServer"="<mywsus server>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000005
"AutoInstallMinorUpdates"=dword:00000000
"DetectionFrequency"=dword:0000000c
"DetectionFrequencyEnabled"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:0000000f
"RebootRelaunchTimeoutEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001


We see the following error in the Event log on the server-core when trying "wuauclt /detectnow"

Fault bucket , type 0
Event Name: WindowsUpdateFailure2
Response: Not available
Cab Id: 0

Is this is firewall issue?  We have full OS installs in the same subnet that ARE communicating with the WSUS server.

Can someone point me to documentation that will tell me how to configure the GPO's for our server-core servers so they at least check-in with our WSUS server so we can manually install the updates during planned maintenance windows?
0
Workstations not applying updates.

I am pushing our Win10 1903 update via WSUS, the workstations have it ready and if Iog in and look at updates it says:
'We're all set for the restart you scheduled at......'

each workstation seems to have a different date and time, despite being all turned on at the same time. If I select 'restart now' the update applies. otherwise they never seem to actually install the update. I want a setting that makes any updates to install at next reboot. I have a number of Windows Update GPO, something must be missing.

can anyone advise?
screens.docx
0
Having a connection error when loading up our WSUS server

Error code:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.


System.IO.IOException -- The handshake failed due to an unexpected packet format.

Source
System

Stack Trace:
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at …
0
hello EE community,

I have the following script below that "auto-approves" the updates that were already approved to the 'QA_servers' target group to 'CORP_servers' group. However, we want to exclude all SQL updates from being approved to the 'CORP_servers' group from the most recent approval.

For example, Only approve the updates that were approved to the QA_servers within the last 7 days to the CORP server excluding SQL updates.
######WSUS script###############


$WsusServerFqdn='wsus1.corp.com'
$WsusSourceGroup = 'QA_servers'
$WsusTargetGroup = 'CORP_Servers'
#Create empty email body array
$body = @() | Out-string
[void][reflection.assembly]::LoadWithPartialName( “Microsoft.UpdateServices.Administration”)
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer( $WsusServerFqdn, $False, ‘8530’)
$Groups = $wsus.GetComputerTargetGroups()
$WsusSourceGroupObj = $Groups | Where {$_.Name -eq $WsusSourceGroup}
$WsusTargetGroupObj = $Groups | Where {$_.Name -eq $WsusTargetGroup}
$Updates = $wsus.GetUpdates()
$i = 0
ForEach ($Update in $Updates)
{
if ($Update.GetUpdateApprovals($WsusSourceGroupObj).Count -ne 0 -and $Update.GetUpdateApprovals($WsusTargetGroupObj).Count -eq 0)
{
$i ++
Write-Host (“Approving ” + $Update.Title)
$body += ("Approving ” + $Update.Title)  | ConvertTo-Html
$Update.Approve(‘Install’,$WsusTargetGroupObj) | Out-Null
}
}
Write-Output (“Auto-Approved {0} updates for target group {1}” -f $i, $WsusTargetGroup) | Out-File 

Open in new window

0
All,

We are having an issue on the windows sever 2012 . Please provide your inputs to fix the issue .
We are unable to install any roles and features on windows sever 2012 R2 ,All severs are built based on CIS Image in Azure I Market place As per CIS bench mark allow remote shell was disabled we have enabled and tried but no luck . please help .
0
WSUS fails to download updates. Im sick of this application. I have it on Server 2012. I have rebuilt this 10x and tried both WID and SQL DBs. I have run every tool to repair i can find. Im at a point i can keep the program up and access the screen to see updates. However, when i push an update to approve, it never downloads. When looking in BITS, i see the transfer in state, transient error. Suspended. I dont know how to get around this and am looking for any help.
0
Hello I'm looking for an automated way to keep our WSUS clean & running smoothly, similar to the script mentioned in this article.  Basically our WSUS DB has gotten so large, it keeps crashing the WSUS service.  
https://community.spiceworks.com/topic/2140056-maybe-wam-wsus-is-not-longer-free

Thanks.
0
I have a new ISO downloaded from our Microsoft licensing account and created a vanilla MS Server 2016 system with proven access to internet / no other software at all installed. I am getting what many others see "Downloading updates 0%". I have tried removing softwaredistribution folder, downloaded cumulative update manually, tried joining to domain and using WSUS instead of internet, ensured FW is off, disabled Windows Defender in local group policy, not using proxy in domain or IE, not a RTM version, i've tried everything i can find on the internet - the server goes days nothing but stuck at this status and installs no updates.

An update shows briefly for 1sec, and then immediately goes to "Downloading updates 0%".

This is not a new problem on the internet. What is goin on - what is the fix for this for Windows 2016? (all other systems on my network work with WSUS)  Installed updates manually is not an option/fixes only once and problem stays next month. What's this fix?
0
Hello All,

Very odd - WSUS on Server 2016 does not show any computers.  I usually use the "use the update services console" instead of "use group policy" but neither will work .  If I search for a specific system nothing shows up.  I have set this up many times on other networks with no problems.  Any suggestions?

Regards,

Rob Battaglia
0
Hello IT people 😁
I need to build a data center. from servers point of view, how to do or what is the best practice for the followings:
1- for the DHCP I Need the setup to be HA or Cluster.
2-for WSUS I Need the setup to be Cluster.
3-for  SMTP I Need the setup to be HA.
4- for MYSQL DB I Need the setup to HA with Sync.
5-For NTP I Need the setup to be HA or Cluster.
6-For AD please note that's required to moving FSMO, maybe TLS needed, trust configuration between Server Farm and DMZ domains if used and GPO for all Systems.


feel free to ask any questions to help me 😅
0
I had asked a previous question about patch management and the solution seemed to be to implement WSUS.  However, there are other products such as Adobe that also need to be updated regularly.  Does WSUS assist with updating Adobe also somehow?  

Additionally, when there is about 25 computers on the network, is it better to somehow just enable the products like Adobe to automatically update themselves if possible?  Or is there another software that incorporates Microsoft and other products?
0
We have a fairly large server environment along with well over 10 sql servers.  We use WSUS for most of our windows updating needs.   Should i use WSUS for my sql server updates?  Thoughts or commentary welcome.
Thanks!
0
DB2 10.5 on Windows Server 2012 R2

I am trying to get DB2 to work with the DB2ADMN group on a windows server.  I want any account in the DB2ADMN group to have sysadmin rights on DB2.  From everything I have read and from other questions I have posted here, this should work, but it does not.  
Here is what I have done.

Create the windows group DB2ADMNS and add my domain1\AITDB2Service account to it.  This is a domain account and it runs the DB2 service under Windows and it is a local admin on the windows server.

db2set DB2_GRP_LOOKUP=LOCAL,TOKENLOCAL
db2 update dbm cfg using sysadm_group DB2ADMNS
DB2STOP
DB2START


When I look at the DBM CFG see this.

SYSADM group name                        (SYSADM_GROUP) = DB2ADMNS
 SYSCTRL group name                        (SYSCTRL_GROUP) =
 SYSMAINT group name                     (SYSMAINT_GROUP) = xxx
 SYSMON group name                        (SYSMON_GROUP) = xxx


I can log into DB2 using AITDB2Service no issue, even though when I look at the SECURITY tab in TOAD, the AITDB2Service user is not there.  I can do selects and updates and such on tables, but I can't do CREATE TABLE or run a backup. When I try to run a backup I get...

SQL1092N  The requested command or operation failed because the user ID does
not have the authority to perform the requested command or operation.  User
ID: "AITDB2SERVICE".


If I try to grant privileges using AITDB2Service I get this.

GRANT DBADM WITH
0
we have an urgent requirement of deploying some updates and internet explorer 11 on the windows 7 clients.

we have a lot of agents without sccm agent as we have some pki issues.

I want to temporarily install a wsus server and want to install a few updates and internet explorer 11

is it ok to redirect the clients to a temporary wsus server for updates and then unlink the GPO so that the clients go back to the SUP installed on SCCM.

any help on installing and configuring the wsus server for my situation
0
We've got an Upstream WSUS & a down stream WSUS.  I've create a new group on the Upstream WSUS in an attempt to move a few machines into for testing purposes.  On the upstream (where i created the new group) all machines are currently in the 'Unassigned Group' from within the Unassigned Computer group i have no option to change membership.  On the downstream in the Unassigned group i can right click & Change Membership is there, I can select the new group I created on the upstream to move the machines into.  The new group is not visible on downstream, when i moved the machines into the new group they disappeared from the Unassigned Group, but with that new group not being present on downstream where'd it move them too?  I've synced the two, the new group on the upstream remains empty.  I've also selected the Computer from the options menu & selected 'Use GP or reg settings on computers'
0
My WSUS 2016 server is full with WSUS content using around 900GB of space. I am surprised it needs to much. I have run the server cleanup and it only cleared around 10GB

I am downloading:
Language - English
Products - Windows 10, Server 2012, Server 2016, Office 2016
Classifications - Critical, Definition, Security, Feature Packs, Updates, Service Packs and Upgrades


When I look at 'All updates' there are 1000's classed as Windows XP, Server 2003 etc that surely should go with the cleanup?
0
I am running wsus in win2k12 r2 server. All of sudden starting today when I select All computers and filter “Installed/Not applicable@ it is showing count as 0. However when drill down to the groups I can see clients with 100% updates installed.

Not sure why it is happening . However other filters like failed / Needed and No status populated the machine list. Any idea please
0
Hello All - I have a new 2016 Server that was a migration from an old SBS 2011 server.  All the roles have been moved and the old server is turned off.  I want to get rid of the WSUS roles since I am not installing it on the new server.  In GP I see the Update Services Common Settings and Client Computer Settings is still there from the migration.  I would like this all turned off so I modified the common settings gp and disabled the intranet option in Windows Updates so that the systems would go directly to the MS site for updates.  But the server will not download updates.  It starts and gets to about 9% and then stops with the error that I have attached.  Any thoughts as to why this might be happening?

Regards,

Rob
0
dear all


         I got a server 2012 r2 got stuck in checking update, and we have a WSUS server manage all the update, and when I look at wsus console, I see this server 2012 has no status, and I see below error in event log, also I tried to by pass wsus for this server 2012 in GPO, when I ran gpupdate/force I see the same error at below, any idea how to get this fix ?

 1
keith
0
DB2 10.5 on Windows Server 2019 Standard

I am trying to set up a DB2 cluster using Windows Clustering.  I have been using a few different resources from the web to set this up.  One is ..
https://www.ibm.com/developerworks/data/library/techarticle/dm-1212mscs/index.html
and another is ...
https://docs.starquest.com/Supportdocs/techSQDRPlus/PDF/IBM_DB2_Cluster_0301nomani.pdf

Both are excellent resources but I am be missing something.

Here is an overview of what I have.

Windows Cluster with 3 drives (data, log, and Quorum) named KGSLTWICDB01 with IP address by running the db2mscs -f c:\download\db2mscs.cfg. I have tested the failover and it seems to work fine.
2 DB2 Nodes (KGSLTWICDBN01 and KGSLTWICDBN02)
Under the cluster manager I see a db2Group role and both nodes show in the Nodes section.

My main question is how the heck do I set up the second node?  The documents seem to assume I know how to do that or that setting up node1 takes care of node2, but I don't see that.

When I run DB2iList on node1 I get
DB3          c : KGSLTWICDB01

When 1 run same on node2 I get
DB2

So what am I missing?  What do I need to do to get node2 set up the way it needs to be?

Thank you!

Jim
0
I have received the error code 0x80244019 from the client side when i check the update,
I have a WSUS server and approved the needed updates, it is downloaded in the server.
the client doesn't have an internet jut connected directly to the server,
ping between the server and client both side is reply,
telnet from the client to the server is listened,
0
Hi,

I am running WSUS on server 2012 R2 using the windows internal Database.
the database is using up a huge chunk of my Physical Memory on the server.
Is there a way I can limit how much memory the database uses?

I do not have SQL Enterprise installed on the server and will not be able to install it there.
0
Hi,

I am having trouble to install .net framework 3.5 or 4.o  in Window 10 enterprise due to WSUS server we have.

Any suggestions are appreciated!

Thank you very much in advance!
0
Dear all can any one let me know how to use windows package publisher to update adobe flash player.
0

WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In
WSUS
<
Monthly
>