locked
Domain client cannot update when on non-domain network. RRS feed

  • Question

  • I have a WSUS server for domain client, the client will download an update package from this server.
    But when domain client out of office, they cannot connect to WSUS server via WAN.
    If they check Windows Update, they will get an error the WSUS out of service and Update from Microsoft option will disappear.

    How can domain client directly download an update from Microsoft after they cannot connect WSUS server?

    Server OS: Windows Server 2016

    Client OS: Windows 10 Pro



    • Edited by james2aa Monday, August 7, 2017 9:18 AM
    Monday, August 7, 2017 9:14 AM

All replies

  • Hi Sir,

    >>If they check Windows Update, they will get an error the WSUS out of service and Update from Microsoft option will disappear

    I'm afraid ,the behavior caused by client applied group policy "turn off access to all windows update features" :

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 9, 2017 10:32 AM
  • Realistically, the machines being serviced by WSUS should have a VPN connection into the network to allow access from outside the office. This is the recommended way as if you don't use WSUS and you manually check for updates online, you lose the control aspect of what updates can be installed and when.

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, August 10, 2017 4:38 AM
  • Hi Elton,

    Thank you for your replying.

    "turn off access to all windows update features" is not configured on GPO and Local GPO.

    "Update from Microsft" appears if a client connects domain network, but if a client connects the external network then check Windows Update, the "update from Microsoft" will disappear.

    How to get "update from Microsoft" back is connect domain network then check update again.

    I disabled "Do not connect to any Windows Update Internet location" policy, but not effective.

    Client OS: Windows 10 Pro 1703

    Thursday, August 10, 2017 6:28 AM
  • The VPN is a solution, but my WSUS server stores update package on the local server.

    I can restore "Update from Microsoft" by run "Troubleshoot Windows Update" on Settings window.

    Thank you for your help.

    • Proposed as answer by Elton_Ji Friday, September 15, 2017 8:24 AM
    Thursday, August 10, 2017 8:47 AM