locked
Security Updates RRS feed

  • Question

  •  

    Hi,

     

    does anyone know if security updates (scanning engine and virus definition files) for FCS need to be delivered to clients via WSUS or not? I have tried installing FCS on a PC standalone, but it is failing to download updates from the web.

     

    Regards

     

    Graham

    Tuesday, May 6, 2008 6:57 AM

Answers

  • Hello Graham, 
    WSUS is not required for the Client updates, there is a policy setting which allows you to define whether on failing to contact a WSUS server it should go out to Microsoft update to do its updates. 
    I think the problem you may be having is that you are either not deploying to this standalone machine using the correct syntax, it should be "ClientSetup.exe /NOMOM" failing this I would check the local policies applied to that machine with regards to windows update and make sure it has the windows update service enabled.. 

    I have found that on a few installations it was necessary to reboot after the install and then attempt to do a manual windows update to get the fist engine updates running, after that it was all fully automated. 

    if you have a Forefront server deployed you can define a new policy as .reg file and then apply it to the machine in question using an executable called fsclocalpolicytool.exe i believe, applying it with the tool simply means that you are able to replace or remove the policy with ease.. Try the first two solutions, if they dont work get back to us and we can check to see if you have the correct FCS policy applied, are you able to update the OS or other apps using Microsoft update? 
    Cheers 


    ---Edited-- > sorry Graham, i think i may have misunderstood, am I right in thinking this machine is not part of your domain? if it is part of the domain then you will need a different syntax than /NOMOM to install the client
    Tuesday, May 6, 2008 3:06 PM

All replies

  • Hello Graham, 
    WSUS is not required for the Client updates, there is a policy setting which allows you to define whether on failing to contact a WSUS server it should go out to Microsoft update to do its updates. 
    I think the problem you may be having is that you are either not deploying to this standalone machine using the correct syntax, it should be "ClientSetup.exe /NOMOM" failing this I would check the local policies applied to that machine with regards to windows update and make sure it has the windows update service enabled.. 

    I have found that on a few installations it was necessary to reboot after the install and then attempt to do a manual windows update to get the fist engine updates running, after that it was all fully automated. 

    if you have a Forefront server deployed you can define a new policy as .reg file and then apply it to the machine in question using an executable called fsclocalpolicytool.exe i believe, applying it with the tool simply means that you are able to replace or remove the policy with ease.. Try the first two solutions, if they dont work get back to us and we can check to see if you have the correct FCS policy applied, are you able to update the OS or other apps using Microsoft update? 
    Cheers 


    ---Edited-- > sorry Graham, i think i may have misunderstood, am I right in thinking this machine is not part of your domain? if it is part of the domain then you will need a different syntax than /NOMOM to install the client
    Tuesday, May 6, 2008 3:06 PM
  • Many thanks Graham
    Tuesday, May 13, 2008 8:53 AM
  • I just want to add that i've seen standalone klients failing to download updates from Microsoft update and all i did was to run windows update manually the first time and it worked fine since then.

     

    Good luck!

    /Johan

     

    Tuesday, May 13, 2008 9:48 AM