WSUS

854

Solutions

997

Contributors

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Just the last couple of days our 500+ WSUS clients go straight to

Error 8024401f

The WSUS server 2012r2  has been rebooted, and appears to be OK, syncs updates from MS etc. It will not even update itself from itself.

Can anyone please advise?
Thanks
0
Announcing the Most Valuable Experts of 2016
LVL 6
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

I need a powershell to show me all of my computers by group please and I need it in a CSV.

I'm using server 2012 R2 and I have about 20 groups.  I need to produce a list so I can post it on our sharepoint but I'm not sure how to do it.

What I'd like is a list of computers in WSUS, by group.

Thank you

Cliff
0
We would like to set up a WSUS server in our DMZ (Internet Facing) for our external users to get MS updates.  I believe for licensing (EULA) requirements the users would have to vpn into the network to get the approved updates.
This would be managed separately from our internal WSUS server, so we don't need to 'downstream' updates from the DMZ  WSUS server to our internal WSUS server.
Server:  Windows 2016 Std, WSUS v 10.
Any suggested links, information, certificate requirements, etc., would be greatly appreciated.

Thank you,
0
I have in the past used registry settings on my Windows 7 clients to get them to report to WSUS on 2008 server and all worked fine.  With my new 2012 r2 WSUS server (with same name and ip) they are not listing themselves in the console.  I had to rebuild the 2008 WSUS server once in the past and the clients just showed up after reporting day and time had passed.  I did a detectnow from one machine and it still didn't show in the console.  Any direction for this.
0
Hi
Our WAN consists of three sites, each of which has its own WSUS server running completely separately of each other.
The updates that get automatically approved are Critical, Definition & Security.
We get a report after each synchronise from each server with the updates that we manually have to approve.

If I reconfigure two of the servers to be in Replica Mode and downstream Servers, will any updates I manually approve on the Primary server automatically get approved on the two Replicas?
regards
Rick
0
So, I have this rollup I pushed on 6/15 to all of my servers.  Inside that rollup is a KB - 4021903.  For reasons too long to explain, I need to know if that specific KB is installed on my servers.  I have figured out how to tell that.

My question is, if the KB is installed as part of a rollup, will it still show if I do a separate search for the KB?

Here's what's going on...I pushed out the rollup to ALL of my computers.  I know I did...I can look for the rollup in the approved patch list and it's there.  However, I ran a powershell, and a detailed report in WSUS and it looks like the KB is NOT installed on a large number of my servers.

When I run a report on all approved and installed updates, ALL of my servers except two are compliant.  BUT, when I run the detailed reports, and the powershell scripts, I see a large number of servers that do not have the KB in question.

So, I was thinking that since the KB is in the rollup, it might not show up as in a search for the standalone KB.

Am I right or wrong?

Thanks

Cliff
0
I have a list of KBs and I need to know if they are installed on my servers.  I have over 400 servers.

Can WSUS report like that?

I can't find it if it can.  I AM able to powershell it, but it takes hours to run all the different OSes and of course, that's cumbersome.  I can tell that coming soon, I am going to need to report on whether or not a particular KB is installed on our servers and produce lists of servers that do not have a specific KB and I don't see WSUS reporting doing that.

Am I missing something?

Thanks

Cliff
0
I've just installed and activated Server 2016, and learned that I need to use the sconfig utility to set my Windows Update preferences, as download only mode and manual mode aren't exposed in the new GUI.

When I launch sconfig, the "Windows Update Settings" setting is set to custom.  However, whenever I try to switch to manual mode (option 5, then the letter M), the console displays "Setting updates to Manual...", and a separate alert appears, "Windows Update set to Custom.  System has custom configuration for updates."  After I dismiss the alert, the sconfig main menu reappears, and the setting is still "custom".  Here's a screenshot of what I'm referring to:

Sconfig issue
Why won't sconfig accept the manual setting?  This server doesn't participate in WSUS, and all of the WU settings in local policy (Computer Config-->Admin Templates-->Windows Components-->Windows Update) show as "Not Configured".
0
Can WSUS be located on a separate server and still be integrated with SCCM in pushing out updates?
0
I've just installed the WSUS role to my Windows Server 2016 on in my domain.
I chose WID instead of SQL and i use GPO's to set the update location to my WSUS server.

Problem is that i can not get any clients (mostly servers) to connect to my WSUS server.
I used the SolarWinds Diagnostic tool on one of the servers and it gave me the following log:

# Solarwinds® Diagnostic Tool for the WSUS Agent
# 2017-07-04
Machine state
  User rights:                                       User has administrator rights
  Update service status:                             Running
  Background Intelligent Transfer service status:    Running
  OS Version:                                        Windows Server 2008 R2 Standard  Service Pack 1
  Windows update agent version:                      Error (Input string was not in a correct format.)
Windows Update Agent configuration settings
  Automatic Update:                                  Enabled
  Options:                                           Scheduled (Every day at  3:00 )
  Use WSUS Server:                                   Enabled
  Windows Update Server:                             http://mywsusserver 
  Windows Update Status Server:                      http://mywsusserver
  WSUS URLs are identical:                           Identical
  WSUS URL is valid:                                 Valid URL
WSUS Server Connectivity
  clientwebservice/client.asmx:                      OK
  …
0
Get HTML5 Certified
LVL 9
Get HTML5 Certified

Want to be a web developer? You'll need to know HTML. Prepare for HTML5 certification by enrolling in July's Course of the Month! It's free for Premium Members, Team Accounts, and Qualified Experts.

We have a server running SERVER 2012 R2 with 40GB RAM and lots of disc space. We use Yosemite Server Backup.

We recently replaced our QNAP NAS with more storage space. Previously on the older 12TB QNAP unit we backed up nightly via an iScsi connection to the NAS and this worked very well for a number of years.

With the new NAS I switched to using a UNC path (\\qnap\backup) for the nightly backup process, it works well and the throughput, at its highest, is around 3gb/min. I choose this method so that I didn't have a permanent connection to the NAS backup folder as a precaution against encryption viruses hitting the backup device.

However once the backup has finished, a number of services start to fail on the server and it becomes sluggish. When trying to restart the services results in Not Enough Storage available to complete the process. WSUS, DHCP, etc. Rebooting the server is the only option.

I have disabled tonights backup to see if this is what is causing the issue as it is the only thing I have changed in the last few weeks.

Does anyone else have knowledge of this. I have also not yet tweaked the irpstacksize registry value which doesn't exist on Server 2012 R2. I have read mixed messages as to whether this is necessary.

All network connections run at a 1000mbps. Server is domain controller and file server with Office 365 for Exchange email. The QNAP is connected to the domain.
0
Hi There

I am new to this community and noob on windows servers, could someone guide me that how to configure WSUS to do the updates only once in a month using GPO?

Many Thanks

Gohar Dar
0
I need a powershell to export all computers in WSUS to a text file so I can run a script against it.  

Thanks

Cliff
0
I need a powershell that will generate a report of all servers in WSUS that DO NOT have a certain KB.

So, I have a list of KBs and I need to report on what servers do not have those KBs.

Can someone help please?

Thanks

Cliff
0
Background: Migrated domain from SBS2008 to Windows 2016 Standard. All servers are VMs: one 2016 DC, one 2016 RDS, and one 2008R2 database server (SQL2008R2) (created by P2V). I will call the 2008R2 server "SQL1" for reference.

I had some problems getting WSUS to work on the 2016 server, but it is now working and both 2016 servers are updating with no problems, as well as the workstations.  The SQL1 server was FORMERLY the WSUS server, but WSUS has been completely removed.  The WSUS database is, however, on the SQL 2008 installation on SQL1.

The SQL1 server is the problem.  I have done considerable troubleshooting, including doing a complete Windows Update reset (stopping services, renaming the SoftwareDistribution and catroot2 folders, reregistering all the dlls, etc., etc.).  This did not solve the problem.  As it stands now, WSUS shows the server as checking in on a current basis, shows that it has downloaded updates and is ready for the updates to be installed, which I do manually on all servers. However, when I look on the server itself, although it shows the prompt that "Updates are ready to be installed," in control panel there are NO updates available.

Here's a screen shot from the SQL1 server:

Windows Update on server
And here is a section of the Windows Update log from SQ1, which shows successful detection of the updates:
________________________________________________________________________________________

2017-06-27 10:49:35:068  164 26f0 AU …
0
experts,

 what's the best way to control windows updates on workstations?

my goal is to control the roll outs by workstation and time of roll out.

Minimize the internet usage by having the updates pull from the WSUS server instead of directly from the Internet
0
TL;DR: Microsoft Updates are failing with 0x8024002e using WSUS or straight from Microsoft. We run Windows 10, and it is affecting most of our 150 workstations.
-----------------------------------------------
We have been running (with spotty success) a WSUS server for several years, and it periodically blows up. Fine. This most recent time I set a new one up from scratch, synced and let the GPO do its thing. At some point in time, I'm not sure exactly which Patch Tuesday, people got  0x8024002e error across the board. It wouldn't even try on the workstation, if you hit "Update" it would immediately return the error.

So, I changed the GPO to let people download MS Updates from MS, and eliminated WSUS. Well, people get a list of waiting updates, but they are basically failing with the same error.

I'm familiar with Update blowouts, and all the byzantine steps you're supposed to take to rectify it, and most of the time it fails and I've wasted 45 minutes going through all the various suggestions online...which usually link back to the same two or three solutions (stop the services, rename SoftwareDistribution and catroot2, pray, reset security contexts, blah blah blah).  0x8024002e seems to be a pretty nebulous error. My feeling is WSUS corrupted the updates somehow, and now they can't get the updates from MS either.

So, not only have the solutions really not worked, but even if that were a solution, it would take roughly a week to do that on every …
0
OK this seems shocking to me.  I've just started a new sys admin role (my 1st sys admin role) and I am looking after a clients SBS2011 server which has over 35000 updates waiting to be approved/installed.  I've got the number down a bit by removing superseded updates but I'm after some advice.  I'll be starting with Critical and then Security updates 1st by trickling them in but should I be looking at installing all of them or can I get by on just the Critical/Security updates?

A bit of extra background.  The current sys admin is leaving and the only other guy here is more 1st/2nd line so isn't much help.  Google has been my only friend so far.  That being said, advice is definitely required so feel free to chip in with your thoughts.
0
Hello all,
I have a brand new Windows 2016 Standard server with WSUS installed on it.  This has been working great for the past two months.  The WSUS is using WID for it's database.
We had to install SQL server 2016 on the same server and since then the WSUS will not come up.
Every time I try to run it I get an error that it is not responding.
I have no idea what to do on this.
Please help.
Thanks,
Kelly W.
0
On Demand Webinar: Networking for the Cloud Era
LVL 9
On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

We currently run WSUS for updating our client systems across all our sites.
It's a single WSUS server at head office with all clients set to receive and install updates through the night.

We have an issue were laptop users visit other sites and connect to the WIFI, because their laptop has not been on through out the night they start downloading all the updates at the remote site over our MPLS. This causes a strain on our bandwidth that we can't have.

Is there any way that I can setup laptop users to only download updates when they are connected to our head office network (VLAN)?
0
If a security patch in declined in WSUS, will it be removed automatically on my client's workstation ?

Thx
0
Hi,

Considering to use WSUS...
Every once in a while I get a new computer to install windows, I have a lan network with no internet access.
If I connect WSUS to the internet once a week to get updated from microsoft - can I than use it to update computers that are not in my domain... ? I do not want them in my domain,
Just to connect the lan and have them pull the updates from WSUS and then pass them to other network?
0
We have a working WSUS server here onsite that pushes out updates to machines on the following OS's- Win 7, Win 10, Win Server 2008 R2, Win server 2012, Win server 2012 r2, win server 2008 but any machines we have here that are on Win 8.1 will not update either via WSUS or manually by going to windows update section and clicking on 'search for updates',

We have over 20 windows 8.1 machines onsite and only 7 machines have checked in with WSUS

is there any reason why this OS would have issues checking in with WSUS or downloading updates in general?
0
A security patch can't be applied to a Exchange server and the server is repoerted as 99% completed. On the Window update of the Exchnage server, it is reported as up-to-date.

Any idea why the patch can't be updated ? Is it possible to remove the update for this server only such that it will reported the status as 100%

Thx
C--temp-WSUSUpdate.png
0
All our windows 7 (32 bit)  clinets don't get  pateches kb4012212 and 4012212 installed when we pushed out on WSUS.
report sayas it's not applicable ? They do get KB3024777 which we never apporved on wSUS . So why kb4012212 and 4012212 not getting instllaed. WSUS syasy in a report says   "Not applicable" whay does it mean ? and why KB3024777 getting isntalled even we don't apporve it? our 64 bit windows 7 cients are getting both patches installed with not problem , its just a 32 bit have problem.

WSUSWSUS
0

WSUS

854

Solutions

997

Contributors

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.