none
WUServer field

    Question

  • Hi,

    I am currently testing a new install of WSUS 3.0 sp1 on Windows 2003 server.
    The setup is suppose to download the updates from Microsoft and store them locally, and the clients would get the updates from the WSUS server that I setup.  The clients are using Windows2000 and Windows XP.
    The clients are getting updates okay, however the WSUS server's updates don't seem to be installing.
    On the console it shows updates to be installed and updates with no status, when I look at the server's stats. 

    I'm thinking it may have something to do with the WUServer setting int the registry.
    Forgot to mention that we have a small shop (70 computers) and I am using the registry settings to configure the services.

    I do not have a WUServer setting on the server itself.
    Should it be listed and pointed to Micrsoft Updates Server?
    If so, what name would be used?

    Thanks in advance for your help
    Friday, December 12, 2008 9:04 PM

Answers

  • Updates with "No Status" are an indication that one or more systems have not yet executed a detection since that update was synchronized, and thus the update "status" cannot be accurately reported. Whether the issue is one, a few, or all, clients is a matter for further investigation.

    The WSUS Server, IMO, should be configured to update from itself (e.g. WUServer and WUStatusServer should be the same URL as the clients). The number one reason for this is that the WSUS Server can be your best indication that the non-network-related components of the WSUS System are properly function. (i.e. if the WSUS Server successfully updates from itself, but the clients do not, then you know it's not the *server* that is at fault; if the WSUS Server does not successfully update from itself, then you know the flaw is somewhere in the IIS config, or in the client config, but since the *network* is not a component in that connection, you need not consider network diagnostics.)

    If you've not configured a WUServer value for the WSUS Server, but the registry value "UseWUServer"=dword:0x1 (enabled), then you've effectively broken the Windows Update Agent on the WSUS Server and it will get no updates from anywhere. Such a configuration would most likely be manifested in the %windir%\WindowsUpdate.log as a 0x80072ee5 "Invalid URL", or an 0x80072ee6 "Unrecognized scheme", or possibly an 0x80072efd "Cannot Connect", depending on whether the WUServer value is present and what the actual value contains.


    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Friday, December 12, 2008 10:02 PM

All replies

  • Updates with "No Status" are an indication that one or more systems have not yet executed a detection since that update was synchronized, and thus the update "status" cannot be accurately reported. Whether the issue is one, a few, or all, clients is a matter for further investigation.

    The WSUS Server, IMO, should be configured to update from itself (e.g. WUServer and WUStatusServer should be the same URL as the clients). The number one reason for this is that the WSUS Server can be your best indication that the non-network-related components of the WSUS System are properly function. (i.e. if the WSUS Server successfully updates from itself, but the clients do not, then you know it's not the *server* that is at fault; if the WSUS Server does not successfully update from itself, then you know the flaw is somewhere in the IIS config, or in the client config, but since the *network* is not a component in that connection, you need not consider network diagnostics.)

    If you've not configured a WUServer value for the WSUS Server, but the registry value "UseWUServer"=dword:0x1 (enabled), then you've effectively broken the Windows Update Agent on the WSUS Server and it will get no updates from anywhere. Such a configuration would most likely be manifested in the %windir%\WindowsUpdate.log as a 0x80072ee5 "Invalid URL", or an 0x80072ee6 "Unrecognized scheme", or possibly an 0x80072efd "Cannot Connect", depending on whether the WUServer value is present and what the actual value contains.


    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Friday, December 12, 2008 10:02 PM
  • Hi,

    Thanks for your reply.
    The UseWUServer is set to 0, however, I thought that if WUServer and WUStatusServer were not set, the UseWUServer is not even looked at.
    If I put my servers name as a value to get updates in the WUServer and WUStatusServer field, what would the value be in UseWUServer?
    I want to get updates from Micrsoft Update Server, would that be 1?
    Are the values in the WUServer and WUStatusServer just telling the system where to install from?

    Sorry if questions seem whacky, I'm just confused.  lol

    Thanks in advance for your help,
    Monday, December 15, 2008 2:07 PM
  • It's exactly the opposite, if UseWUServer=dword:0x0, then the entire registry key is ignored, and the agent operates in "Automatic Updates" mode (with the exception of those configured values that are exclusively relevant to the WUA, like scheduled installation time).

    If you want the machine to use the WSUS Server, then UseWUServer must be set to dword:0x1 (enabled), and both WUServer and WUStatusServer must be set to the URL of the WSUS Server. If UseWUServer = dword:0x1 and WUServer and/or WUStatusServer are blank, or invalid, then no updating will take place at all (not even from Automatic Updates).

    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Tuesday, December 16, 2008 4:46 PM
  • Hi,

    I left the UseWUServer value at 0
    I added the WUServer and WUStatusServer strings and made the value = http://mywsusservername.
    Now everything is fine. 
    I'm getting my updates from Micrsoft on the WSUS Server and they are being installed to Server as well as clients.

    Thanks,
    Jonette
    Wednesday, December 17, 2008 9:16 PM
  • jonette20 said:

    Hi,

    I left the UseWUServer value at 0
    I added the WUServer and WUStatusServer strings and made the value = http://mywsusservername.
    Now everything is fine. 
    I'm getting my updates from Micrsoft on the WSUS Server and they are being installed to Server as well as clients.

    Thanks,
    Jonette



    No, I beg to differ with you. If UseWUServer is set to =zero=, then everything is not fine. Zero == disabled, which means "Do Not Use the [WSUS] Server".

    That system is *NOT* updating from WSUS, unless you've failed to restart the service after editing the registry, in which case rest assured that a service restart or system reboot, will redirect that machine back to using Automatic Updates from microsoft.com, and you'll never see that system report to your WSUS server again.

    As noted in my previously reply, UseWUServer is the *first* value evaluated. IF that value is =true= (dword:0x1), *then* the WUServer and WUStatusServer values are evaluated, and IF those values are identical, then the WUA uses the configured URL as the update services server. If the UseWUServer value is =true=, and WUServer and WUStatusServer are not identical, or they're not configured, then NO UPDATES will be processed.

    IF UseWUServer is =false= (dword:0x0), then the WUA will use update.microsoft.com (Automatic Updates) as it's update source, and reporting will not be done to the WSUS Server.

    All of this is predicated upon the operational requirement that changes made directly to the registry *require* the Automatic Updates service to be restarted. The registry values are only read at Service Start.

    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Wednesday, December 17, 2008 9:32 PM
  • Hi,

    I have been using documentation from the Micrsoft site.

    What I am reading says in regards to the UseWUServer values:

    0= This machine gets its updates from Microsoft Update
    1= This machine gets its updates from a WSUS server
    The WUServer value is not respected unless this key is set.

    This tells me that I should be getting updates from Micrsoft's site.

    I have rebooted my system since making the changes and everything seems to be working fine.



    Thursday, December 18, 2008 5:20 PM
  • What that description means is that it gets its APPROVALS (the list of updates it can install) from Microsoft, or from the WSUS Server, not the actual CONTENT FILES.

    Where the CONTENT files come from is determined by whether you've configured your WSUS Server to maintain a local content store.  This is configured at Options | Update Files and Languages, on the "Update Files" tab. Either you have checked "Store update files locally on this server" or you have checked "Do not store updates locally; computers install [files] from Microsoft Update". (The word files is, sadly, missing from that phrase, but it should be read as if it were there, thus my inclusion in brackets.) The option "Store update files locally..." is the DEFAULT option, and unless you've changed it, your machines will get updates from the WSUS Server, not download.microsoft.com.

    If you have configured your WSUS Server to maintain a local content store, then *ALL* systems will get update files from the WSUS Server. This is not an option you can configure on a per-machine or per-group basis. If you have configured your WSUS Server to NOT maintain a local content store, then *ALL* systems will get update files from Microsoft.Com. Again, this is not an option you can configure on a per-machine or per-group basis.

    So, to date, based on all the conversation we have had, you have four possible configuration options:

    [1] UseWUServer=dword:0x0. The local WSUS Server is invisible to the machine. The machine will download and install *ALL* available updates directly from microsoft.com and this machine will NEVER report to your WSUS Server.

    [2] UseWUServer=dword:0x1 and the WUServer/WUStatusServer values are not set correctly. The machine will get NO updates at all.

    [3] UseWUServer=dword:0x1, the WUServer/WUStatusServer values are correctly set, and you have configured the WSUS Server to maintain a local content store. ALL machines will update APPROVED updates as configured at the WSUS Server and ALL machines will download content from the WSUS Server.

    [4] UseWUServer=dword:0x1, the WUServer/WUStatusServer values are correctly set, and you have configured the WSUS Server to NOT maintain a local content store. ALL machines will update APPROVED updates as configured at the WSUS Server and ALL machines will download content directly from download.microsoft.com.
    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Thursday, December 18, 2008 5:40 PM
  • Hi,

    My goal is to store the contents locally on a WSUS server after getting them from microsoft updates site and clients are to get download files from the WSUS server.

    [3] UseWUServer=dword:0x1, the WUServer/WUStatusServer values are correctly set, and you have configured the WSUS Server to maintain a local content store. ALL machines will update APPROVED updates as configured at the WSUS Server and ALL machines will download content from the WSUS Server.

    Your option 3 is how my clients are setup.  My issues was the WSUS server's registry settings.

    Are you saying it should be setup just like the clients?  When I had UseWUSeerver set to 1, the updates were not installing on the server, just clients.
    That is the reason I thought everything was okay, because when I changed this value to 0 the updates that were approved and ready for install began to install.

    I guess I'm missing something.
    Not for your lack of trying to explain.  I really appreciate your help.
    Thursday, December 18, 2008 6:08 PM
  • The WSUS Server's registry setting only affects how the WSUS Server as a =CLIENT= gets updates for that MACHINE, not how the WSUS Server interacts with clients of the WSUS Service, or how any other client behaves with respect to using the WSUS Service.

    Yes, your WSUS Server should be set up exactly like your clients, so that the WSUS Server is a client of the WSUS Service (and I stated this directly in my reply last Friday). In this way, you can then control which updates are approved for installation on the WSUS Server platform, as well as *when* they're installed.

    When you had UseWUServer=dword:0x1 and updates were not installing on the server, your cause was likely any one of a couple dozen other reasons -- but we've spent the last week discussing the UseWUServer setting in the registry. (Note: If  you were using GROUP Policy and/or LOCAL Policy like is recommended in the documentation, we wouldn't even be having a discussion about registry editing, and your system would have been configured as to your desires last week.)

    When you changed the registry value to dword:0x0 on the WSUS Server, you gave your WSUS Server permission to resume using the native Windows Automatic Updates service. The agent on the WSUS Server queried update.microsoft.com directly, and downloaded and installed *every* available update. This is why it appeared that updates miraculously started installing -- they did. You were just not correct as to your understanding of the reason why it appeared to be working. You had no choice in the matter at that point -- and that's also why the WSUS Server does not appear (or appears with an out-of-date Last Contact Date and "No Status") in the WSUS Server Administration Console.


    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Thursday, December 18, 2008 6:23 PM
  • Okay,

    This is the only Windows Server in our shop and it was purchased by another agency.
    We don't have Group Policy's or Active Dirctory setup for anything.

    The act of editing the registry is not my problem. 
    Understanding what to edit is more my problem.  The same values are set in Group Policy, so same questions.

    Thanks again for your help
    Thursday, December 18, 2008 7:36 PM
  • Okay, GROUP policy is not available.
     
    The answer, still, to ensure you get the correct and desired settings is to use LOCAL Policy, not modify the registry directly.

    If you edit the Administrative Templates | Computer Configuration | Windows | Windows Update policy "Specify intranet Microsoft update service location", then the values of UseWUServer, WUServer, and WUStatusServer will be properly set, based on the values you enter in that policy setting dialog box.





    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Thursday, December 18, 2008 9:19 PM
  • Hi,

    Actually I did use the Local policy settings on the my server instead of editing the registry.
    And my value for UseWUServer is = 1.
    So I guess I really am okay on that end.

    Since we don't use Group Policies, the only way that I know to set all the clients is to change the registry settings via a logon script.
    However, I am getting errors because (I think) the user does not have local admin rights and it is not allowing me to change the HKEY_Local_Machine key.

    A completly different issue/problem.

    Thanks again for your help and patience
    Monday, December 22, 2008 9:07 PM