locked
Patches did not update to client Windows 7 RRS feed

  • Question

  • Hi

    We have 2 domain controllers installed on Windows server 2003 STD. Also Group policy management installed with the these servers. We have installed WSUS server on the another server that installed Windows server 2008 STD. When WSUS server  shows thelist of updates, I have deployed the updates to the clients(Windows 7 Professional). When I checked the clients, it seems that it could not find the patches update that I have deployed. So, I go back to check GPO that I created to deployed update to clients(Computer Configuration-->Administrative Templates-->Windows Update). I double click one item to see the detail, I saw it's said that supported on: Windows Server 2003,XP SP1, 2000 SP3. I thought that 's why I could not deploy the update patches to Windows 7. Then I have installed Group Policy Management on the same server 2008 that I have installed WSUS server. Then I have create new GPO, linked, enforced it. But it's still not work. I cannot deploy the update patches to client. Kindly request any suggestions for this help to deploy the update.

    Friday, November 21, 2014 5:36 AM

Answers

  • If, on the report for a particular client, the "Approval" column says "Not approved", then the update is not being associated with that client.  Approval status on the report is updated immediately with changes in WSUS, without waiting for the client to check in.

    Have you run a status report for the update itself? Click on "Computers needing this update" in the detail window for the update. If the report shows "Not approved" for the desired client, then you haven't marked the update "Approved for Install" for the right group, or the client workstation isn't in the right group, or you've found some third way it can be wrong that I haven't thought of.

    • Proposed as answer by Steven_Lee0510 Monday, December 1, 2014 2:05 PM
    • Marked as answer by Steven_Lee0510 Wednesday, December 3, 2014 2:25 PM
    Monday, November 24, 2014 10:21 PM

All replies

  • Hi

    We have 2 domain controllers installed on Windows server 2003 STD. Also Group policy management installed with the these servers. We have installed WSUS server on the another server that installed Windows server 2008 STD. When WSUS server  shows thelist of updates, I have deployed the updates to the clients(Windows 7 Professional). When I checked the clients, it seems that it could not find the patches update that I have deployed. So, I go back to check GPO that I created to deployed update to clients(Computer Configuration-->Administrative Templates-->Windows Update). I double click one item to see the detail, I saw it's said that supported on: Windows Server 2003,XP SP1, 2000 SP3. I thought that 's why I could not deploy the update patches to Windows 7. Then I have installed Group Policy Management on the same server 2008 that I have installed WSUS server. Then I have create new GPO, linked, enforced it. But it's still not work. I cannot deploy the update patches to client. Kindly request any suggestions for this help to deploy the update.

    To be frank... this is the most difficult post I have ever tried to follow in my life.

    Having said that.... if the update is not applicable to a Windows 7 system it's not going to install on a Windows 7 system.

    What exactly is the problem here?


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Sunday, November 23, 2014 2:31 AM
  • Hi Lawrence,

    The problem is I deployed the update via WSUS 3.0 to install patch on those Windows 7 clients. But it seems that it those clients could get the update from WSUS server. From WSUS server, it saw the clients machine. I checked Group Policy that running on Windows server 2003 domain controller((Computer Configuration-->Administrative Templates-->Windows Update). Then I opened one item here. Suppose I open item "Configure Automatic Update". It has the message in the bottom of this message here said that "Supported on: Windows Server 2003, XP SP1, 2000 SP3". So I was thinking is it possible that the updates could not deploy to those clients because the group policy still running on  Domain Controller Windows server 2003?

    When I built the new server that running Windows server 2008 STD and add the component Group Policy Management on that server. It will has the same policy from domain controller Windows server 2003. But when I looked in the settings in Windows Update. Suppose I opened the item "Configure Automatic Update". It said that "Supported on: At least Windows 2000 Service Pack 3 or Windows XP". Then I not sure is it need to be upgrade Domain Controller from Windows server 2003 to Windows Server 2008? When I checked the Resultant Set of policy from the client, it get the policy from Group policy domain controller, but I check Group policy on the clients. It didn't shows the policy that I set on the domain controller. Kindly you advise me how to let the policy deploy to clients running Windows 7.

    Thank you very much.

    Monday, November 24, 2014 3:08 AM
  • I wouldn't be concerned about the "Supported on:" comment; remember that Server 2003 is an earlier version than Windows 7, so Server 2003 Group Policy couldn't say it was supported on a version that hadn't yet been released.  I have a similar setup, with WSUS administered on a Server 2008 box but GP run from Server 2003; my Windows 7 clients have dealt well with WSUS straight out of the box.

    In your GPO, did you enable "Configure Automatic Updates" and did you specify an "update service location" (your WSUS server)?  Also, if you're using a limited user account on your Windows 7 clients, you must enable "Allow non-administrators to receive update notifications" as well.

    In WSUS, did you remember to assign your Windows 7 workstations to a group?  In the WSUS console, under "All Computers", click one of your Win7 clients, then in the status window click on "Updates needed" to generate a status report. The second page of the report lists the needed updates; under "Approval" does the report say "Not approved" or "Install"?  If it says "Not approved" then either you haven't properly approved the update, or haven't linked the client to the right group.


    • Edited by jjjdavidson Monday, November 24, 2014 2:48 PM
    Monday, November 24, 2014 2:47 PM
  • Hi jjjdavidson,

    Thank you for your suggestion.

    In my GPO, I have enabled for those three settings already.

    In WSUS, I have create one group and I put my computer and one staff of my team inside this group. I have deployed the update to this group. But I and my team didn't get the update alert to install the update. I have tried to create one more group and deployed the updates. those computers didn't get the update too.

    Under Approval in the report, it say not approved. I have deployed it again but still no luck.

    Monday, November 24, 2014 3:25 PM
  • If, on the report for a particular client, the "Approval" column says "Not approved", then the update is not being associated with that client.  Approval status on the report is updated immediately with changes in WSUS, without waiting for the client to check in.

    Have you run a status report for the update itself? Click on "Computers needing this update" in the detail window for the update. If the report shows "Not approved" for the desired client, then you haven't marked the update "Approved for Install" for the right group, or the client workstation isn't in the right group, or you've found some third way it can be wrong that I haven't thought of.

    • Proposed as answer by Steven_Lee0510 Monday, December 1, 2014 2:05 PM
    • Marked as answer by Steven_Lee0510 Wednesday, December 3, 2014 2:25 PM
    Monday, November 24, 2014 10:21 PM