locked
WSUS/Windows Updates and SUP RRS feed

  • Question

  • I hope I can explain this clearly. I have some computers updating from Windows Update. I can only assume this since I am not actually deploying anything from WSUS. In the ReportingEvents.log I can see that a lot of updates were downloaded and installed. I shouldn't see anything in here if SUP was handling the updates right?

    I do have SUP configured and working, so I am thinking that I have a lingering configuration form the migration from SCCM 2007 to SCCM 2012 that is allowing computer to go out to Windows Update and get updates.

    I have read through Microsoft's article and dont see any reference for GPO's.

    Monday, September 30, 2013 3:21 PM

Answers

  • So it sound like you are having local GPO security db corruption.  I have seen this a lot on XP and you need to reset the security db on each WS to fix it. Not a fun job and it takes a while to do it to. My client that was having the problem eventually just started re-imaging the PCs as it was faster to fix it that way.


    http://www.enhansoft.com/

    • Proposed as answer by Garth JonesMVP Saturday, October 26, 2013 3:18 PM
    • Marked as answer by Garth JonesMVP Saturday, November 2, 2013 1:37 PM
    Monday, October 14, 2013 3:06 PM

All replies

  • Pick a machine that you think is downloading from the Internet and launch gpedit.msc

    In the Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

    What does it tell you?



    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Monday, September 30, 2013 3:30 PM
  • The computer in question doesnt have anything listed. The other computers that I have migrated over have the new server name listed. In the console I am applying a client policy to "All Workstations", a device collection for Workstation OS. The policy has SUP selected and is working on other machines.
    Monday, September 30, 2013 3:53 PM
  • In an environment I worked on we had to enter the WSUS point into group policy to stop random machines picking up updates from Windows Updates. No explanation as to why they were and the Windows Update was set to be handled by the SCCM SUP.

    Cheers

    Paul | sccmentor.wordpress.com



    Monday, September 30, 2013 3:57 PM
  • Is this acceptable? I cant do this till I get all the computers on the new system though.
    Tuesday, October 1, 2013 1:52 PM
  • I have a similar issue where my sccm clients are getting the updates from my SUP but to to the internet to download them. My is kind of working but I have been working on getting it 100% working.  We already have teh SUP in our GPO but its not helping.
    Wednesday, October 2, 2013 12:53 PM
  • I have a similar issue where my sccm clients are getting the updates from my SUP but to to the internet to download them. My is kind of working but I have been working on getting it 100% working.  We already have teh SUP in our GPO but its not helping.

    Yours could be related to your package. You can tell the client if the SUP isn't available to go to the internet for its updates. This is in your ADR, if you have one setup under the "Download Settings" tab.
    Wednesday, October 2, 2013 1:10 PM
  • Its unchecked in my ADRs. I have looked into that already.

    Wednesday, October 2, 2013 1:16 PM
  • Are you sure your computers are accepting the GPO?
    Wednesday, October 2, 2013 2:08 PM
  • Yes, I was able to confirm using Gerry's example above.
    Wednesday, October 2, 2013 2:11 PM
  • Yes, I know this is an old post, I’m trying to clean them up. Did you figure this out, if so how?


    http://www.enhansoft.com/

    Saturday, October 12, 2013 8:56 PM
  • Yes and no. The issue was the computer did not get the WSUS/SUP settings from the Agent. I checked GPO and it is blank, instead of the server name. So the yes part is, i know what happened, the no part is, i dont understand why that policy is not changing on some computers.

    Edit - Im sorry, I know I say GPO, but meant local policy

    • Edited by RCCMG Sunday, October 13, 2013 5:17 AM
    Saturday, October 12, 2013 10:09 PM
  • So it sound like you are having local GPO security db corruption.  I have seen this a lot on XP and you need to reset the security db on each WS to fix it. Not a fun job and it takes a while to do it to. My client that was having the problem eventually just started re-imaging the PCs as it was faster to fix it that way.


    http://www.enhansoft.com/

    • Proposed as answer by Garth JonesMVP Saturday, October 26, 2013 3:18 PM
    • Marked as answer by Garth JonesMVP Saturday, November 2, 2013 1:37 PM
    Monday, October 14, 2013 3:06 PM
  • Ok - I will see what is involved in this, unfortunately the broken one, so far, is my bosses computer. I am hoping the number of this happening is small so it isn't a big deal. Thanks for the info.
    Monday, October 14, 2013 3:16 PM