locked
Clients not updating from new WSUS server RRS feed

  • Question

  • I had 2 DCs in place running 2008 and 2003. The 2003 server was also running WSUS. It has been replaced with a 2012 R2 Essentials server which is now the FSMO holder and I installed WSUS on it using the standard options like I always do. Administration runs on 8530.

    I updated the GPOs with the new server's name. All clients can ping the WSUS server by name. All clients are reporting to the server and updates have been approved days ago. However none of the clients, including the server itself, are seeing any new updates available even though the WSUS console shows they are reporting.

    I've searched the registry of the 2008 DC for references to the old WSUS server and none were found. I looked in the registry key where you would find the value put there from the GPO and it correctly shows the current WSUS server.

    I looked in the windowsupdate log on the 2008 DC and I don't see any errors. So I'm stumped as to why the clients can at least see the WSUS server and report to it but they aren't seeing the approved updates. Any ideas?


    Jonathan

    Thursday, March 5, 2015 4:01 PM

Answers

  • Got it figured out. For some reason, the Network Service was given only RO access to the content folders. One I changed that to FC, things started working. Dunno why the security wasn't right when WSUS was installed. Just glad I figured it out.


    Jonathan

    • Proposed as answer by Michael Halpin Monday, March 9, 2015 5:31 AM
    • Marked as answer by WinSvrAdmin Monday, March 9, 2015 4:34 PM
    Monday, March 9, 2015 2:41 AM

All replies

  • Hi Jonathan,

    Have you checked if the update is downloaded successfully? The update will not be available until it has been downloaded on the WSUS server.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, March 6, 2015 3:13 AM
  • Hi Jonathan,

    Have you checked if the update is downloaded successfully? The update will not be available until it has been downloaded on the WSUS server.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Yes the updates have all downloaded as verified in the WSUS console. So the updates are there, the clients are reporting in and showing what updates they need, but what is not happening is that final connection so you see the little "pending updates" icon in the system tray. I've done wuauclt /detectnow many times (used to doing this with other sites I manage) and had WU check for updates but it always shows none available.


    Jonathan

    Friday, March 6, 2015 9:05 PM
  • Can you post a copy of the windowsupdate.log from one of those clients?
    Friday, March 6, 2015 10:01 PM
  • Can you post a copy of the windowsupdate.log from one of those clients?

    Here is a link to the log file from one client which is XP but I don't think it matters as all clients are having the same problem. http://1drv.ms/1EnvfLm

    It's not the entire log file but I copied starting from when the new server took over as the WSUS server based on GPO deployment.

    I also checked the client PC and it finds updates to download when I tell it to look at MU/WU.


    Jonathan

    Saturday, March 7, 2015 4:49 AM
  • Hi Jonathan,

    • are all the clients XP, or do you have a mix?
    • What's the exact version of WSUS that you are running, have you applied any updates for WSUS itself?
    • It seems to be checking the applicability rules ok, are there updates on the new server that weren't on the old server? Perhaps there are simply no new updates to install at this stage

    Saturday, March 7, 2015 10:46 AM
  • Hi Jonathan,

    • are all the clients XP, or do you have a mix?
    • What's the exact version of WSUS that you are running, have you applied any updates for WSUS itself?
    • It seem to be checking the applicability rules ok, are there updates on the new server that weren't on the old server? Perhaps there are simply no new updates to install at this stage

    The clients are a mix, about 2/3 Win7 and 1/3 XP.

    WSUS is the latest as it is the role added on Server 2012 R2, not an install.

    The server has all updates applied to it.

    Yes there are updates on the new server that were not on the old one. I see this every time I replace an old WSUS server with a new one.


    Jonathan

    Saturday, March 7, 2015 6:01 PM
  • Can you confirm that the below was installed on the new WSUS server: it's possible that it was on the old server, and the WUA were all updated, but if the clients have been updated, and the new server wasn't, that could explain the issue you see.

    http://support.microsoft.com/kb/2938066


    Saturday, March 7, 2015 8:25 PM
  • Can you confirm that the below was installed on the new WSUS server: it's possible that it was on the old server, and the WUA were all updated, but if the clients have been updated, and the new server wasn't, that could explain the issue you see.

    http://support.microsoft.com/kb/2938066


    Yes it's there, the server is fully patched and that is one of the updates installed.


    Jonathan

    Saturday, March 7, 2015 10:28 PM
  • Got it figured out. For some reason, the Network Service was given only RO access to the content folders. One I changed that to FC, things started working. Dunno why the security wasn't right when WSUS was installed. Just glad I figured it out.


    Jonathan

    • Proposed as answer by Michael Halpin Monday, March 9, 2015 5:31 AM
    • Marked as answer by WinSvrAdmin Monday, March 9, 2015 4:34 PM
    Monday, March 9, 2015 2:41 AM