none
Windows 2012 R2 Essentials is not connecting to WSUS

    Question

  • Hi all,

    I installed Windows Server 2012 R2 Essentials. After that I added the WSUS role to this server. I set the Update Services to us WSUS instead of GPO's.

    Even after several reboots, the server is not showing to the WSUS console.

    When I go to Windows Update, I only can check for updates directly at Microsoft, not at WSUS.

    How can I make the server to connect to itself?

    Best regards,

    Ernst

    • Edited by Echt-wel Friday, January 10, 2014 10:37 PM
    Friday, January 10, 2014 10:34 PM

Answers

  • Am 11.01.2014 schrieb Echt-wel:

    The Windows Server is showing itself in WSUS.

    Great! ;)

    Create a new GPO for Clients and a one new for your Servers.
    Client-GPO set up to Option No. 4 and link to the OU where the Clients
    are inside.

    Domain
      OUDomain-Controller
        WSUS-GPO for Domain Controller
      OUClients
        WSUS-GPO for Clients

    After setting this, reboot the Client and open a Admin-Commandline:
    gpresult /H > gpresult.html [ENTER]. If you find the WSUS-GPO then
    wait 10 Minutes for coming up the client in the WSUS-Console. Press
    refresh several times. If a client is not coming up in WSUS after 1
    hour, you can force this. Open a Admin-Commandline on the client:

    net stop wuauserv [ENTER]
    net stop bits [ENTER]
    del %windir%\WindowsUpdate.log
    rd /s /q %windir%\SoftwareDistribution [ENTER]
    net start wuauserv [ENTER]
    wuauclt /reportnow
    10 Minutes later, client must show up in WSUS. If not, have a look in
    %windir%\WindowsUpdate.log.


    Servus
    Winfried

    Gruppenrichtlinien
    WSUS Package Publisher
    HowTos zum WSUS Package Publisher
    NNTP-Bridge für MS-Foren

    • Marked as answer by Echt-wel Sunday, January 12, 2014 11:12 AM
    Sunday, January 12, 2014 9:33 AM
  • All the time I just did a gpupdate /force and wuauclt /reportnow.

    There's your problem.

    The wuauclt /reportnow doesn't do anything in the context in which you used it. The client NEVER attempted to contact the WSUS Server. (Which you can confirm by reviewing the WindowsUpdate.log on that client.)

    And the last time before it start working correct, I did the whole script from Winfried.

    Winfried's script (unfortunately) doesn't do anything either... for the same reason. I'm more inclined to think this was all coincidental and the client merely executed it's regularly scheduled "every 22 hours" detection event.

    The correct command to use in both of these instances is wuauclt /resetauthorization /detectnow.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Wednesday, January 15, 2014 5:08 PM
    Moderator
  • Hip hip hoora.

    The Windows Server is showing itself in WSUS.

    I have no idea what I did since the last time, but it seems to work!!!!!

    It was just another reboot.

    I'm a happy man.


    Best regards, Ernst

    • Marked as answer by Echt-wel Saturday, January 11, 2014 11:54 PM
    Saturday, January 11, 2014 7:56 PM

All replies

  • Additional info:

    I tried GPO and in Windows Update it now also shows "Managed by your system administrator".

    But still 0 computers in WSUS.

    When I check fo updates I get an error: "Windows could not search for new updates". Error code: 80072EFE.

    Any sugestions?


    Best regards, Ernst


    • Edited by Echt-wel Saturday, January 11, 2014 11:43 AM
    Saturday, January 11, 2014 11:42 AM
  • Am 10.01.2014 schrieb Echt-wel:

    I installed Windows Server 2012 R2 Essentials. After that I added the WSUS role to this server. I set the Update Services to us WSUS instead of GPO's.

    Even after several reboots, the server is not showing to the WSUS console.

    When I go to Windows Update, I only can check for updates directly at Microsoft, not at WSUS.

    How you have wrote the Name from the Server in you GPO? On a W2012R2
    WSUS installed on Port 8530, you should write the Name like so:

    http://Your_WSUS:8530


    Servus
    Winfried

    Gruppenrichtlinien
    WSUS Package Publisher
    HowTos zum WSUS Package Publisher
    NNTP-Bridge für MS-Foren

    Saturday, January 11, 2014 12:23 PM
  • Hi Winfried,

    I did use the :8530 for the port number

    In the mean time I tried a Windows 7 workstation to connect. That seems to have the same issue.

    Same error:(


    Best regards, Ernst


    • Edited by Echt-wel Saturday, January 11, 2014 1:10 PM
    Saturday, January 11, 2014 1:09 PM
  • Am 11.01.2014 schrieb Echt-wel:

    I did use the :8530 for the port number

    Show us you setttings in the GPO.


    Servus
    Winfried

    Gruppenrichtlinien
    WSUS Package Publisher
    HowTos zum WSUS Package Publisher
    NNTP-Bridge für MS-Foren

    Saturday, January 11, 2014 5:46 PM
  • Hi Winfried,

    Thanks for helping me.

    The screenshots are complete unreadable, so I've to write down what I did.

    Open GPO and selected Group Policy/Default Domain Controllers Policy. Becuase my first attempt was to set the updates for the Essentials Server.

    Then I choose edit. In the GPO Editor I choose: Computer Configuration/Administrive Templates: Policy Definitions/Windows Components/Windows Update.

    I configured Automatic updates: Enabled with option 3.

    Enabled client-side targeting with group: Upd.Services Servers.

    Intranet Service location: In both fields in set: http://WS2012R2Ess:8530

    And off course, I Always clicked OK :)

    I got these instructions from Technet http://technet.microsoft.com/en-us/library/hh852346.aspx

    Best regards, Ernst



    • Edited by Echt-wel Saturday, January 11, 2014 7:52 PM
    Saturday, January 11, 2014 7:38 PM
  • Hip hip hoora.

    The Windows Server is showing itself in WSUS.

    I have no idea what I did since the last time, but it seems to work!!!!!

    It was just another reboot.

    I'm a happy man.


    Best regards, Ernst

    • Marked as answer by Echt-wel Saturday, January 11, 2014 11:54 PM
    Saturday, January 11, 2014 7:56 PM
  • I set the Update Services to us WSUS instead of GPO's.

    Could you please restate this point. This makes no sense to me.

    Even after several reboots, the server is not showing to the WSUS console.

    When I go to Windows Update, I only can check for updates directly at Microsoft, not at WSUS.

    How can I make the server to connect to itself?

    The logical conclusion here is that you've not properly configured the client to use WSUS.

    Once we clarify your first statement, the solution may become more clear.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Saturday, January 11, 2014 8:57 PM
    Moderator
  • Hi Lawrence,

    The default setting in WSUS is to assign computers to use the Update Services console in WSUS instead of assign the computers by GPO or Registry.

    Because this was the easy way to do it, I left it to the default (WSUS console).

    Later on, I used GPO to set it. See above for the settings.

    Several reboots, report now (in command) and still no computers in WSUS.

    After an other reboot it is working.

    At this moment I still have no idea why it took so long (2 days) to register at WSUS.


    Best regards, Ernst


    • Edited by Echt-wel Saturday, January 11, 2014 9:56 PM
    Saturday, January 11, 2014 9:54 PM
  • Am 11.01.2014 schrieb Echt-wel:

    The screenshots are complete unreadable, so I've to write down what I did.

    Here is a Screenshot from a Client Sample GPO:
    http://www.wsus.de/images/WSUSGPO.png

    Open GPO and selected Group Policy/Default Domain Controllers Policy. Becuase my first attempt was to set the updates for the Essentials Server.

    Better you create a own WSUS-GPO, do not edit one of the two Default
    Policys.


    Servus
    Winfried

    Gruppenrichtlinien
    WSUS Package Publisher
    HowTos zum WSUS Package Publisher
    NNTP-Bridge für MS-Foren

    Sunday, January 12, 2014 9:28 AM
  • Am 11.01.2014 schrieb Echt-wel:

    The Windows Server is showing itself in WSUS.

    Great! ;)

    Create a new GPO for Clients and a one new for your Servers.
    Client-GPO set up to Option No. 4 and link to the OU where the Clients
    are inside.

    Domain
      OUDomain-Controller
        WSUS-GPO for Domain Controller
      OUClients
        WSUS-GPO for Clients

    After setting this, reboot the Client and open a Admin-Commandline:
    gpresult /H > gpresult.html [ENTER]. If you find the WSUS-GPO then
    wait 10 Minutes for coming up the client in the WSUS-Console. Press
    refresh several times. If a client is not coming up in WSUS after 1
    hour, you can force this. Open a Admin-Commandline on the client:

    net stop wuauserv [ENTER]
    net stop bits [ENTER]
    del %windir%\WindowsUpdate.log
    rd /s /q %windir%\SoftwareDistribution [ENTER]
    net start wuauserv [ENTER]
    wuauclt /reportnow
    10 Minutes later, client must show up in WSUS. If not, have a look in
    %windir%\WindowsUpdate.log.


    Servus
    Winfried

    Gruppenrichtlinien
    WSUS Package Publisher
    HowTos zum WSUS Package Publisher
    NNTP-Bridge für MS-Foren

    • Marked as answer by Echt-wel Sunday, January 12, 2014 11:12 AM
    Sunday, January 12, 2014 9:33 AM
  • Hi Winfried,

    I use it just to get familiar with the new Essensial Server. My goal is to start with implementing Office 365 for the first time.

    I used the default GPO becuase I was frustrated. New GPO is indeed a better way.

    Normally a client or server will show up in WSUS after a short time. And not after 2 days.

    I still don't know why it took so long.

    Thanks a lot for the help!


    Best regards, Ernst


    • Edited by Echt-wel Sunday, January 12, 2014 11:23 AM
    Sunday, January 12, 2014 11:20 AM
  • At this moment I still have no idea why it took so long (2 days) to register at WSUS.

    Because.. it seems.. you totally misunderstood the point of the Options -> Computers setting in the console, and when you did, finally, actually configure a GPO to configure the client, it started working as it should.

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Monday, January 13, 2014 1:19 AM
    Moderator
  • Hi Lawrence,

    Not completely. I did set the GPO settings for auto update and intranet service location, but at first without the client side targeting.

    Several reboots and even then no computers in WSUS. Then I set client side targeting, agiain with serveral reboots and gpupdate and wuauclt: nothing.

    The day after I did another reboot and to my surprise the server was showing in Computers in WSUS.

    So, I'm still confused what took so long.

    By the way, client side targeting is off again. And it keeps working.


    Best regards, Ernst

    • Edited by Echt-wel Tuesday, January 14, 2014 7:16 PM
    Tuesday, January 14, 2014 7:02 PM
  • Ooohhh, maybe, just maybe I figured out why it was working after that last reboot.

    All the time I just did a gpupdate /force and wuauclt /reportnow.

    And the last time before it start working correct, I did the whole script from Winfried.

    I'm not 100% sure I never used this script before.


    Best regards, Ernst


    • Edited by Echt-wel Tuesday, January 14, 2014 9:00 PM
    Tuesday, January 14, 2014 7:20 PM
  • All the time I just did a gpupdate /force and wuauclt /reportnow.

    There's your problem.

    The wuauclt /reportnow doesn't do anything in the context in which you used it. The client NEVER attempted to contact the WSUS Server. (Which you can confirm by reviewing the WindowsUpdate.log on that client.)

    And the last time before it start working correct, I did the whole script from Winfried.

    Winfried's script (unfortunately) doesn't do anything either... for the same reason. I'm more inclined to think this was all coincidental and the client merely executed it's regularly scheduled "every 22 hours" detection event.

    The correct command to use in both of these instances is wuauclt /resetauthorization /detectnow.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Wednesday, January 15, 2014 5:08 PM
    Moderator