locked
Some clients don't ask update from WSUS after removing group RRS feed

  • General discussion

  • Dear colleagues, I need your help.

    I removed a group from WSUS one week ago. The group was re-created in a 5 min, but something happened with DB or service. Some clients after that tried to check the update and got nothing, but really they need more than 150 updates. I checked WindowsUpdate.log, but nothing. Other clients, which were created after that little fall, asked updates and got it. I used the Troubleshooter by MS and popular script for resetting WUAgent, but without success. Everything looks ok, but I know this servers need a lot of updates. One of the signs is TimeZone settings: it should be GMT+3 with updates, but now it's GMT+4 without updates.  The clients are Win Server 2012 R2, VMWare Vms. Maybe you see smth like that and could give me a tip?
    Thank you in advance!

    Anna

    Tuesday, November 5, 2019 12:07 PM

All replies

  • First: are you using manual or GPO targeting? When you deleted and re-created the group, did you put back the option for Computer level targeting?

    Second: Are the machines actually reporting back to the WSUS Server properly?

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Tuesday, November 5, 2019 9:42 PM
  • Hello, Adam!

    We use GPO targeting. Yes, I put this option. And yes, clients reported about their state every 3 hours.
    Wednesday, November 6, 2019 6:17 AM
  • Are there updates approved to that Group name? When you deleted it, you deleted the link between the updates and the approval for that group. If the updates are approved to All Computers, they should flow down the list.

    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Wednesday, November 6, 2019 4:33 PM
  • Yes, that updates are approved for group, because other clients got it after that fall. It seems like several clients don't need any updates, but they need.
    Thursday, November 7, 2019 8:58 AM
  • That doesn't mean that updates are approved to the group. They could be approved to the all computers group and flow down.

    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Thursday, November 7, 2019 5:23 PM
  • All updates are approved to all groups. I created new VM with Server 2012 R2 Datastore yesterday and today it got 420 updates without problems. But these several clients report "No updates are available". WSUS shows they need nothing. But they need all of these 420 updates too. All clients are in one group for servers. I can't force several clients to request updates and get it.
    Friday, November 8, 2019 12:27 PM
  • So what is the purpose of the groups if you are approving all the updates to all of the groups?

    See part 4 of my 8 part blog series for How to Setup, Manage, and Maintain WSUS as it deals with the policies and part 2 with respect to the groups and views. Then look at part 6 for the approvals process.

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-4-creating-your-gpos-for-an-inheritance-setup/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, November 8, 2019 1:50 PM
  • Adam, thank you for the link! It's very useful for me at all. But we have the same policies as you described in the article. Everything works correctly for other clients, excepting only two.

    Yesterday I reinstalled an operation system on this VM, but used previous name. I hoped, VM asks about all over updates, but it doesn't. VM got approx. 40 updates and that's all. Timezone is also wrong. If it helps, I could post a part of update log or WSUS report.

    Tuesday, November 12, 2019 8:36 AM